ISM 4329 - Incident Investigation and Forensics

College of Computer & Information Technology

Credit(s): 3
Contact Hours: 47
Effective Term: Summer 2021 (590)

Requisites

Admission to Cybersecurity (Bachelor of Applied Science) (CYSEC-BAS)

Course Description

This course examines the process of detecting and investigating attacks against computer systems and of collecting evidence in a forensically sound manner, both to support reporting of criminal activity and to prevent future attacks. Topics include Windows, macOS, and Linux forensics, steganography, data acquisition, file system analysis, data recovery, password cracking, e-mail forensics, malware analysis, network forensics, and other advanced techniques in computer investigation and analysis. This course provides foundational coverage for EC-Council’s Computer Hacking Forensic Investigator (CHFI) certification; students will need additional preparation to ensure success on the exam.

Learning Outcomes and Objectives

  1. Students will evaluate digital forensic investigations and incident response procedures by:
    1. listing the objectives and the benefits of computer forensics.
    2. assessing physical security needs and how to configure a forensic lab.
    3. implementing the process to investigate a company policy violation.
    4. explaining first responder procedures for collecting electronic evidence.
    5. identifying the guidelines for writing an investigative report.
  2. Students will implement the investigation of files, operating systems, and storage devices by:
    1. summarizing how hard disks, file systems, and digital media devices operate.
    2. describing how the boot processes work for various operating systems.
    3. explaining how to collect volatile and nonvolatile evidence from the Windows operating system.
    4. comparing Linux forensic procedures with the techniques used in a Windows environment.
    5. applying various password cracking methods in order to access protected data.
  3. Students will analyze the investigation of data, partitions, and image files by:
    1. comparing the differences between steganography and cryptography.
    2. describing how to choose the best data acquisition method for a particular device.
    3. demonstrating how to perform data acquisition, duplication, and forensic investigation using the EnCase software tool.
    4. summarizing how to conduct an image file forensic investigation.
    5. executing the recovery of hidden partitions, file fragments, and deleted image files.
  4. Students will appraise network intrusions and cybercrime investigations by:
    1. listing the reasons and methods for investigating network traffic.
    2. identifying the different types of web server attacks and their countermeasures.
    3. describing how router forensics differs from traditional forensics.
    4. analyzing the different types of denial-of-service (DoS) attacks and the challenges of investigating them.
    5. reviewing the unique features involved with the investigation of internet and e-mail crime.
    6. comparing the different types of investigations relating to trademarks, copyrights, sexual harassment, and child pornography.
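Outcome 3 (data acquisition, duplication, and recovery of deleted image files) is the one objective above that reduces to a concrete, testable procedure. The script below is an added example written for this page; it is not course material and does not use EnCase. It runs the procedure end to end on a constructed byte string standing in for a disk: write the "evidence" to a temporary file, duplicate it bit for bit while hashing the source stream, re-hash the finished image to verify the duplicate, then carve JPEGs out of the image by header (FF D8 FF) and footer (FF D9) without a file system. The file names (`evidence.raw`, `evidence.dd`) and the three embedded JPEG-shaped blobs are hypothetical; the third blob has its tail overwritten, which is the fragment case a naive carver would glue onto the next file.

```python
"""Added example: forensically sound acquisition, hash verification and carving
of deleted JPEGs. Everything here is constructed for the demonstration; the
'disk' is a byte string written to a temporary file, not real evidence."""
import hashlib
import os
import tempfile

JPEG_SOI = b"\xff\xd8\xff"  # FF D8 (start of image) followed by the FF of the first segment
JPEG_EOI = b"\xff\xd9"      # FF D9 (end of image)


def minimal_jpeg(payload: bytes) -> bytes:
    """Minimal JPEG-shaped file: SOI, a 16-byte JFIF APP0 segment, payload, EOI."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00" + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + payload + JPEG_EOI


def build_sample_image() -> bytes:
    """Constructed 'disk image' (hypothetical data): unallocated filler, two
    intact JPEGs whose directory entries are assumed deleted, and one fragment
    whose tail (including its EOI) has been overwritten by reused clusters."""
    intact_a = minimal_jpeg(b"A" * 40)
    fragment = minimal_jpeg(b"C" * 30)[:-8]   # EOI gone, as after a partial overwrite
    intact_b = minimal_jpeg(b"B" * 24)
    return (b"\x00" * 64 + intact_a + b"\xee" * 32 + fragment
            + b"\x00" * 16 + intact_b + b"\xff" * 32)


def file_hashes(path: str, chunk_size: int = 4096) -> tuple:
    """MD5 and SHA-256 of a file, read in chunks so large images fit in memory."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def acquire(source_path: str, image_path: str, chunk_size: int = 4096) -> dict:
    """Bit-for-bit copy of the source into image_path. The source stream is hashed
    as it is read and the finished image is re-hashed from disk; matching digests
    are the verification a report relies on. (A real acquisition would sit behind
    a hardware write blocker; this example cannot enforce that.)"""
    src_md5, src_sha = hashlib.md5(), hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for chunk in iter(lambda: src.read(chunk_size), b""):
            src_md5.update(chunk)
            src_sha.update(chunk)
            dst.write(chunk)
    img_md5, img_sha = file_hashes(image_path)
    return {
        "source_md5": src_md5.hexdigest(), "source_sha256": src_sha.hexdigest(),
        "image_md5": img_md5, "image_sha256": img_sha,
        "verified": (src_md5.hexdigest(), src_sha.hexdigest()) == (img_md5, img_sha),
        "size": os.path.getsize(image_path),
    }


def carve_jpegs(data: bytes, max_size: int = 1 << 20) -> tuple:
    """Header/footer carving for JPEGs in raw data. Returns (carved, fragments):
    carved is a list of (offset, bytes) for each SOI..EOI run; fragments lists
    offsets of an SOI with no EOI before the next SOI (or within max_size), so a
    truncated file is reported rather than glued onto the file after it."""
    carved, fragments, pos = [], [], 0
    while (start := data.find(JPEG_SOI, pos)) != -1:
        next_soi = data.find(JPEG_SOI, start + len(JPEG_SOI))
        eoi = data.find(JPEG_EOI, start + len(JPEG_SOI))
        end = eoi + len(JPEG_EOI)
        if eoi != -1 and (next_soi == -1 or eoi < next_soi) and end - start <= max_size:
            carved.append((start, data[start:end]))
            pos = end
        else:
            fragments.append(start)
            pos = next_soi if next_soi != -1 else len(data)
    return carved, fragments


def run_demo() -> dict:
    """Write the constructed disk, acquire it, verify, carve, and summarise."""
    sample = build_sample_image()
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "evidence.raw")   # hypothetical evidence device
        image = os.path.join(workdir, "evidence.dd")     # hypothetical forensic image
        with open(source, "wb") as fh:
            fh.write(sample)
        record = acquire(source, image)
        with open(image, "rb") as fh:
            carved, fragments = carve_jpegs(fh.read())
    return {
        "verified": record["verified"],
        "image_sha256": record["image_sha256"],
        "expected_sha256": hashlib.sha256(sample).hexdigest(),
        "carved_offsets": [off for off, _ in carved],
        "carved_sizes": [len(blob) for _, blob in carved],
        "fragment_offsets": fragments,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two design points carry over to real tools. First, the hashes of the source and of the written image are computed independently (the image is re-read from disk, not hashed from the buffer that was written), which is what lets the report state that the duplicate matches the original. Second, the carver treats a header followed by another header before any footer as a fragment; without that rule the overwritten file would absorb the intact one behind it and the recovered image would be corrupt while looking complete. The script does not cover write blocking, chain-of-custody paperwork, or file system metadata, all of which the rest of the outcome list addresses separately.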

Criteria Performance Standard

Upon successful completion of this course the student will demonstrate, with a minimum of 70% accuracy, mastery of each of the above stated objectives through classroom measures developed by the individual course instructors.

History of Changes

C&I Approval: 02/21/2020, BOT Approval: 03/17/2020, Effective Term: Fall 2020 (580).
C&I Approval: , BOT Approval: , Effective Term: Summer 2021 (590)

Related Programs

  1. Cybersecurity (CYSEC-BAS) (610) (Active)