CJE 3214 - Advanced Topics in Digital Forensics
College of Public Safety Administration
Credit(s): 3
Contact Hours: 47
Effective Term Spring 2022 (600)
Requisites
Pre- or Co-requisite CCJ 3075 with a minimum grade of C and
Admission to Public Safety Administration (Bachelor of Applied Science) (PSA-BAS)
Course Description
This course is designed to be an advanced course in digital forensics that focuses on special investigative topics. These topics include the legal and technical challenges faced by an investigator who is conducting a cloud forensic investigation. The course also discusses how to conduct an analysis of volatile data and system memory areas. The different characteristics of dark web investigations are considered as well. Finally, case studies are provided to show some examples of anti-forensic methods that may hinder a computer forensics investigation.
Learning Outcomes and Objectives
- Students will evaluate various anti-forensic techniques by:
  - summarizing the techniques used to hide data and the methods used to destroy evidence artifacts.
  - describing how encryption is used to prevent confidential files or data from being accessed.
  - comparing the technique of spoofing with obfuscation when used as an anti-forensic strategy.
  - explaining how onion routing is used to send anonymous communications over a computer network.
  - appraising the anti-forensic methods used in case studies such as the Zacarias Moussaoui case and the BTK Killer case.
- Students will identify the unique challenges presented by cloud forensic investigations by:
  - describing how to identify evidential artifacts from the three different sources of cloud service models (SaaS, IaaS, and PaaS).
  - summarizing the legal challenges presented in a cloud forensic investigation.
  - explaining the primary technical challenges in acquiring cloud data.
  - choosing the best remote access tools to be used for various cloud investigations.
  - examining how evidence sources such as application logs, user authentication logs, and database logs can be used to identify artifacts within a cloud infrastructure.
- Students will analyze the investigation of memory forensics by:
  - defining what volatile data is and why it is important to certain investigations.
  - describing how to collect volatile data from a computer’s memory dump.
  - explaining how to investigate and identify malicious behaviors that do not leave easily detectable evidence on hard drive data.
  - reviewing how system memory can provide unique insights into runtime system activity, including open network connections and recently executed commands or processes.
  - distinguishing between common commercial and open source tools that are designed solely for conducting memory forensics.
- Students will analyze the methods used in dark web investigations by:
  - enumerating the differences between the surface web, the deep web, and the dark web.
  - contrasting the differences between anonymity, confidentiality, and privacy.
  - demonstrating how to access dark web marketplaces using onion routing and the Tor Browser.
  - describing what cryptocurrencies are and how they work.
  - comparing the features of various cryptocurrencies such as Bitcoin, Ethereum, and Litecoin.
  - explaining how to collect evidential artifacts from the Tor Browser, Bitcoin wallet, and the Windows Registry.
Criteria Performance Standard
Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.
History of Changes
C&I Approval: , BOT Approval: , Effective Term: Spring 2022 (600)
Related Programs
- Public Safety Administration (PSA-BAS) (655) (Active)
