Approved Course Outline

CJE 3213 - Digital Forensics in Public Safety

College of Public Safety Administration

Credit(s): 3
Contact Hours: 47

Effective Term Spring 2022 (600)

Requisites

Pre- or Co-requisite CCJ 3075 with a minimum grade of C and
Admission to Public Safety Administration (Bachelor of Applied Science) (PSA-BAS)

Course Description

This course provides a broad overview of digital forensic investigations. It begins by examining the fundamentals of system forensics, including defining the cyber forensics process, the role of the computer forensics specialist, and the application of forensic analysis skills to various types of investigations. The course also provides the student with an overview of various computer crimes, as well as the forensic methods applicable to each kind of investigation. The course also discusses the tools, techniques, and methods used to perform digital forensic investigations on a variety of data, operating systems, and hardware devices.

Learning Outcomes and Objectives

Students will describe the procedures used in a typical digital investigation by:
1. Defining the basic elements involved in a digital forensic investigation.
2. Explaining the steps used to prepare for computer investigations.
3. Comparing the differences between public-sector and private-sector investigations.
4. Listing the hardware and software requirements for a digital forensics lab.
5. Identifying the criteria for selecting a basic forensic workstation.
Students will identify the most common forensic acquisition procedures by:
1. Describing how to choose the most appropriate acquisition method for a given case.
2. Explaining how to use common acquisition tools and how to validate data acquisitions.
3. Contrasting how to collect evidence at private-sector incident scenes versus law enforcement crime scenes.
4. Analyzing the guidelines for seizing digital evidence at a crime scene.
Students will evaluate various file systems and forensic tools by:
1. Explaining the purpose of and basic structure of different file systems.
2. Characterizing the structure of various Microsoft Windows file systems.
3. Comparing commonly used digital forensics software tools.
4. Contrasting various digital forensics hardware tools.
5. Differentiating between common Linux file structures and file structures used by Apple products.
6. Summarizing how to use common Linux-based forensics tools.
Students will examine the processes used to acquire graphics files, hidden files, and other data types by:
1. Summarizing how to locate, recover, and repair graphics files.
2. Describing how to identify and work with unknown file formats.
3. Determining what data to analyze in a digital forensic investigation.
4. Classifying the most common tools used to locate data on a system.
5. Assessing how to circumvent common data-obfuscation techniques.
Students will explain the forensic procedures used on networks, virtual machines, and social media by:
1. Enumerating the standard procedures for conducting forensic analysis of virtual machines.
2. Summarizing the standard procedures used in network forensics investigations.
3. Describing the tasks in investigating e-mail crimes and violations.
4. Detailing the methods used to investigate social media artifacts.
Students will assess forensic reports and forensic testimony by:
1. Describing the guidelines for writing forensic reports.
2. Explaining how to use forensics tools to generate reports.
3. Listing the guidelines for giving testimony as a fact witness or an expert witness.
4. Summarizing the procedures for preparing forensics evidence for testimony.

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.

History of Changes

C&I Approval: , BOT Approval: , Effective Term: Spring 2022 (600)

Related Programs

Public Safety Administration (PSA-BAS) (655) (Active)