300447 Computer Forensics Workshop Template
This template has been provided for your reference only; it describes the 2006 delivery, not the current one. Please check later for an updated version.

UWS, School of Computing and Information Technology, offers the Bachelor of Computer Science degree, course 3506.4. The course has been structured to accommodate a Computer Forensics major. A compulsory unit for the major is 300447 Computer Forensics Workshop (level UG 300, delivery: Penrith campus only). The Workshop is the capstone unit for the Computer Forensics major, and it provides students with practical hands-on work of an investigative nature. This unit is highly technically demanding and requires students to probe deep within the operating system, disk structures and the network with full administrator rights.

Prerequisites:
- 300149 Operating Systems
- 300165 Systems Administration Programming
- 300143 Network Security

This unit is composed of a series of investigative workshops that put into practice, in a Computer Forensics context, many of the technical skills developed in earlier prerequisite units. The unit is intended not only to further develop these skills but also to instill best technical practice, a sound understanding of technical investigative techniques, and documentation of the results of investigation. Workshop topic areas include: clean media copying techniques, search and identification of hidden data, building profiles of computer activities through probing and analysis of log files, and how to prepare a system and network to best support subsequent intrusion and activity detection.

Students who successfully complete this unit will be able to:
- prepare forensically clean storage media to accept image copies of suspect media;
- perform an image copy from multiple storage media types without altering the source media;
- locate and identify data/files that are hidden or obfuscated on the media;
- reconstruct, in part or totally, deleted data or files that remain on the media;
- apply cryptographic and steganographic techniques where appropriate and viable;
- extract data from log files maintained by the operating system, web and email servers, and network proxies and firewalls;
- extract data from caches maintained by both server and client machines;
- analyse and interpret extracted log and cache data;
- document and present the results obtained from the above activities;
- use standard "off the shelf" software packages and hand written code to undertake the above tasks;
- perform the above tasks in multiple operating systems environments.

This unit will cover the following topics:
- Media preparation and copying techniques;
- File system structures and file type identification techniques;
- Applied cryptography and steganography (introductory only);
- The location, structure, and interpretation of log and cache based data associated with operating systems, web and email systems, and the network;
- Documentation and presentation standards;
- Selected industry standard software tools.

The unit’s assessment is all continuous; there is no final exam. The assessment items are as follows, and all are based on individual student work:
- 10 Workshop Reports @ 7.5% each, total 75%
- 1 Minor Assignment @ 10%
- 1 Major Assignment @ 15%