• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!



This version was saved 10 years, 2 months ago View current version     Page history
Saved by Sean Ellis
on December 4, 2013 at 9:56:07 pm

CET4861 Advanced Digital Forensics





Covers theory of forensic procedures, review of identification, imaging, and authentication, review of FAT file system, NTFS and EXT3 file systems, partitioning, Window’s logical analysis, and email and web history analysis.


If this is the first time reading this page make sure you read the ENTIRE page first! Then you can jump into the downloads below. 


Download links: 


This course is taught at Daytona State College as part of the Engineering Technology program.  




How My Classes Work


Lectures are provided via recorded video lectures that you play through your browser.


I STRONGLY SUGGEST that you run the video and follow what I’m doing on screen. That is, duplicate what I do, or duplicate what is done on the videos that come with the textbook The ONLY way to learn is by DOING. You can follow along with what I’m doing in order to help you understand the concepts, and to provide you with some confidence that this stuff isn’t magic. Pause the video, duplicate what I’ve done, and repeat.



How are you going to run Linux if you only have one computer running Windows?  Good question Grasshopper. As a student you have access to a free copy of VMWare Workstation. Workstation is a virtualization technology that allows you to run multiple operating systems on a computer, just as if you had multiple physical systems. Cool!  


You are expected to install Workstation and a Linux distribution within Workstation.  It's not rocket science, but it does require some work!


Course Outcomes


By the end of this course the successful student will be able to:




  • Identify, image, and authenticate digital evidence.
  • Employ Linux and Windows-based digital forensics tools for a particular forensic task.
  • Identify key components of various file systems.
  • Perform an analysis of email and web history.
  • Demonstrate an understanding of data hiding techniques.
  • Cell phone analysis! (I’m working on this ….) 








File System Forensic Analysis [Paperback], Brian Carrier 

Paperback: 600 pages 

Publisher: Addison-Wesley Professional; 1 edition (March 27, 2005) 

Language: English 

ISBN-10: 0321268172 




Course Lectures


Click here to view All Course Lectures


Course lectures are usually 10-30 minutes long, and are in MP4 format.  More information is available or individual lectures in the link above.


I suggest you save each lecture to your hard drive so you may access it anytime. Pause when you need to. Replay when you need to.  Have you ever tried doing that in a 'live' class?  Maybe a couple of times, but now YOU are in control.


Also, an analogy: I bought Tiger Woods' book on golf. Read the whole thing cover to cover. Now I can play golf just like Tiger. Nope.  Have to practice, again and again and again. Same thing goes for this class. Can't learn by just watching a lecture. You MUST practice, as much as possible.  I highly suggest that while watching the video you have your Linux virtual machine running. Pause the video when I run a command. Run the command, see what it does.  Start the video, and repeat.  


You may ask: "Why are your videos so much shorter than a regular class?"  Have you ever seen a recording of a regular class?  Most of it is 'dead space,' nothing being said, idle chit chat, etc.  My lectures are intentionally 'dense' with material.  Take a 1.5 hour lecture, remove extraneous information, pauses, chit chat, dead space, and voila -- a condensed version that is 10-30 minutes. The 'Cliff Notes' of lectures (you young people may have to Google that).  


It takes more time to edit my videos than record them.  The condensed version allows you use YOUR time more wisely.  There's no sense in doing it any other way. You're welcome. :)



Major Topics Covered in This Course

  • Computer Forensics and Investigation as a Profession (review)
  • Understanding Computing Investigations (review)
  • Data Acquisitions (review)
  • Processing Crime and Incident Scenes (review)
  • Working with Windows
  • Current Computer Forensics Tools
  • Macintosh and Linux Boot Processes and File Systems
  • Computer Forensics Analysis and Validation
  • Recovering Graphics Files
  • E-mail Investigations
  • Report Writing for High-Tech Investigations 



Previous Assignments


What do my assignments look like?  Good question, so here are a few sample assignments below.  Note that I change them every semester.  Why? Because 10% of the students in a class will usually be lazy and try to get by, if they can, by finding students from previous classes and using their assignments.  That's cheating, and it does a disservice to the student (who learns nothing), as well as the other students in the class who work hard to get a decent grade.  God help students that cheat.






CET4663 (Computer and Network Security), AND CET4860/4885.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                




Comments (0)

You don't have permission to comment on this page.