Cybersecurity Center

CS305 Introduction to Computer Forensics

 Introduction to Computer Forensics. (3)  An introduction to computer forensics. The course will cover a range of computer hardware and forensics software tools on current and past operating systems. Prerequisite: CS 101 or CS 114 or CS 214 or equivalent.

Learning Outcomes

  • Identify the functions of primary hardware and understand the basic storage mechanisms involved in mechanical, optical and flash storage devices, manually disassemble a PC computer, identify the primary components and reassemble the computer, and have a grasp of the vocabulary and concepts in mapping file systems, (sectors, clusters, disk slack, and file slack).
  • Explore image formats, acquisition methods, contingency planning, data validation and analysis of digital evidence for a variety of data storage devices, OSs and storage variations including Windows, Mac and Unix/Linux, RAID drives, Mobile Storage, and Cloud storage. 
  • Use various acquisition software tools, including Passmark OSForensics, Source Forge Autopsy, XWays HexWorkshop and FTK imager and Registry Viewer, to acquire, validate, and explore digital evidence.
  • Discuss legal and technical challenges encountered during investigations, including applicable laws affecting searching and seizure of electronic evidence, methods, policies and procedures for conducting forensic analysis, and authority, roles and responsibilities of parties involved.