ITDF-1300 Introduction to Digital Forensics
Spring 2016 Winter Term
Section: 82489/92400
Instructor: Jason Alvarado
Classroom: Online
Contents
The Basics
  Course Description
  Prerequisites
  Course Dates
  Text Book & Other Required Material
  Learning Outcomes
  SCANS
Instructor Information
  Contact Info
  Office hours
  Instructor Meeting
Classroom Policies
  Online Attendance Policy
  Classroom Behavior
  Communication with the instructor
  Assignment submission policy
Grading
  Categories
  Weight
  Grade Disputes
Course Calendar
  Week 1 – Aug 31- Sep 6
  Week 2 – Sep 7- 13
  Week 3 – Sep 14-20
  Week 4 – Sep 21-27
  Week 5 – Sep 28 – Oct 4
  Week 6 – Oct 5-11
  Week 7 – Oct 12- 18
  Week 8 - Oct 19 - 25
  Week 9 – Oct 26-Nov 1
  Week 10 Nov 1 - 8
  Week 11 Nov 9 - 15
  Week 12 Nov 15 - 22
  Week 13 – Nov 23-29
  Week 14 – Nov 30 - Dec 6
  Week 15 Dec 7th – Dec 13th
  Dec 14th – Dec 17
Academic Honesty
Institution Policies
The Basics
Welcome to Digital Forensics! This is an exciting field that is steadily growing every day. In this
class you will learn an overview of the Digital Forensics field, the tools and techniques we use,
how we conduct an investigation and create forensic reports. As this is an introductory course,
we will touch on many topics, but not spend too much time on them. As you progress through
the Associates of Applied Science degree program we will spend focused time on each topic.
It is my hope that you have chosen Digital Forensics as a career path. If you have not already
done so, you should see myself or a STEM/CTE advisor to formally declare this degree plan. I
would also like you to schedule a meeting with me to personally discuss your career goals,
aspirations, problems, concerns etc. I have an open door policy and will be available during
office hours and by appointment. Please come see me as often as you need to, I cannot help you
if I don’t know about the problem.
It is important to complete all of your assignments on time, and do your very best on all quizzes
and tests. This course will feel like a full time job and requires a high degree of personal
responsibility.
I look forward to watching you grow and succeed in this exciting field!
Sincerely,
Jason Alvarado
Lead Faculty, Digital Forensics
Course Description
A study of the application of forensic science and technology to collect, analyze, document, and
present after-the-fact digital information from digital sources while maintaining a documented
chain of custody to determine exactly what happened on a digital device. Overview of ethics,
white collar crime, HIPAA, SOX, GLBA, and other legal guidelines/regulations/laws. Includes
overview of tools used for forensic analysis of digital devices seized in investigations. Also
covers securing a search warrant, collecting digital evidence, protecting digital evidence, and
obtaining information from offenders. (2 Lec., 4 Lab.)
Prerequisites
• ITSC 1405 - Introduction to PC Operating Systems
• ITSC 1425 – Personal Computer Hardware
• OR Instructor approval
Digital Forensics is a technical discipline. It is expected that students entering the Digital
Forensics degree or certificate programs be familiar with computers at an A+ level. An A+
certificate is not required, but the student should be comfortable with computer hardware and
operating systems
(http://certification.comptia.org/docs/default-source/exam-objectives/comptia_a_220-801_objectives.pdf).
In addition to hardware and operating system familiarity, the student should be comfortable
with Microsoft Office.
Course Dates
• Winter Semester – December 18th – 23rd 2016, January 4th - December 14th, 2016
• Holidays
o Dec 34th – Jan 3rd
• Last day to drop a class with a "W"- January 7th, 2016.
• Certification Date – December 22nd – This impacts students with financial aid. Any
student who has not posted an introduction by this date WILL NOT be certified. You may
still attend class and achieve a grade, but your financial aid status may be impacted.
Text Book & Other Required Material
• Easttom, Chuck. System Forensics, Investigation, and Response, 2nd ed., Burlington,
MA: Jones & Bartlett Learning, 2014. Richland College Bookstore ISBN:
9781284031058
• Lab notebook - Loose leaf according to lab standard acceptable. Basic bound lab
notebook acceptable. Professional grade lab notebook recommended
(http://www.amazon.com/BookFactory%C2%AE-Lab-Notebook-Laboratory-LRU-168-SRS-A-LKMST1/dp/B0062OGKT8/ref=sr_1_2?ie=UTF8&qid=1420823079&sr=8-2&keywords=L21-150-R)
Learning Outcomes
• Identify crimes committed using digital devices;
• Define the role of the digital forensics technician in investigating crimes or incidents
• Identify the tools used to collect and analyze information stored on digital devices
• Describe proper handling of evidence obtained during investigation for civil or criminal
proceedings including chain of custody.
http://www.thecb.state.tx.us/apps/wecm/PubDispRegular.cfm?CRSID=4277
SCANS
The Secretary's Commission on Achieving Necessary Skills (SCANS) was appointed by the
Secretary of Labor to determine the skills our young people need to succeed in the world of
work. The Commission's fundamental purpose is to encourage a high-performance economy
characterized by high-skill, high-wage employment.
Basic Skills: Reading, Writing, Listening, Speaking
Thinking Skills: Decision Making, Problem Solving, Knowing How to Learn, Reasoning
Personal Qualities: Responsibility, Self-Esteem, Integrity/Honesty
Competencies: Interpersonal, Information, Technology
Instructor Information
Jason Alvarado
Contact Info
Ph: 972.761.6720
Del Rio Hall, D128
Office hours
No office hours will be held during the Winter Term. You may interact with the instructor via the
Instructor Information in eCampus.
Instructor Meeting
All students enrolled in the Digital Forensics degree programs are required to schedule a
30-minute meeting with the Lead Faculty member, Jason Alvarado, each long semester.
Classroom Policies
Online Attendance Policy
Accessing the course and participating in the discussions is mandatory. When a discussion is
scheduled, you are to post an initial response and 2 well thought out responses. This is the
minimum required and that will earn you a passing grade for the discussion. Going beyond on
your posts will earn high points. Posting late, like on a Sunday, will earn you a minimum amount
of points.
Classroom Behavior
• Students will be respectful to the teacher and other students.
Communication with the instructor
When sending an email to me, the following conventions should be followed:
• The course number and section must be at the beginning of the subject, followed by a
brief description. Example – Subject: ITDF-1300-83400 My Discovery Event Request.
• Emails should be professional in nature. They should not contain any texting language. It
should be clear to the instructor who the email is from. You can learn to write a
professional email
at http://www.englishtown.com/community/channels/article.aspx?articlename=184-email
• Before contacting the instructor read the syllabus, it probably has the answer!
• Before entering any office, it is customary to knock first, even if the door is open.
• Appointments guarantee I will be available!
Assignment submission policy
Unless otherwise specified by the instructor all written assignments will be submitted in a
Microsoft Word formatted document. This software package is available on all campus lab
computers. DCCCD students may also legally acquire and install MS Office FOR FREE.
See http://www.dcccd.edu/SS/OnlineSvs/Pages/MSOffice.aspx for details.
At no time should a student submit a zip, arj, rar, or other compressed file. All work to be
included should be in the single Word docx or pdf file. Supporting screenshots, lab notes, etc. should
be included as appendix items.
This program is designed as a workforce preparation program. In this field, as in most other work
environments, we work against deadlines. Failure to meet those deadlines can have severe
penalties. In digital forensics, it could mean losing a court case or putting lives and property in
jeopardy. Therefore, late assignments will only be accepted under the following conditions:
• Instructor approval.
• The student communicates with the instructor prior to the deadline the reason for the late
submission.
• The assignment will be no more than 1 week late.
• The student agrees to a 20% penalty (20% will be taken off of the assessed grade, you
start at an 80%).
Grading
All grades will be divided into categories. Each category will contribute to the final letter grade
in a weighted average.
A: 90.0 to 100.0
B: 80.0 to 89.9
C: 70.0 to 79.9
D: 60.0 to 69.9
F: 59.9 and under
***There will be no rounding of the weighted average, do not ask***
Categories
Assignments will be divided into the following categories:
Lab- Laboratory assignments will be assigned regularly. They will consist of performing a lab
exercise, handwritten notes, and a lab report. All lab reports will be in an ITDF-1300 report
format (you will be instructed in this). Lab notes will be kept in the prescribed manner.
Assignments- Assignments are any other daily work assigned by the instructor. This can be
daily writing, exercises, weekly closure writing, etc.
Quiz- There will be a quiz based on the material from each chapter or assigned reading. Quizzes
will be scheduled on the class calendar. If a quiz is scheduled, it will begin at the start of the
class and will end 15 minutes later. No late submissions will be accepted. If you are absent you
will miss the quiz and earn a 0.
Major Test- Two major tests will be scheduled—a midterm, and a final exam. The tests may
consist of questions from the lecture, chapter reading, and other assigned material. It may contain
a practical exercise.
Discovery Event- In Digital Forensics, the ability to create a report, present a report, and defend
a report is an essential duty of an expert witness (YOU!!). In the discovery event you will be
required to choose an instructor approved topic. You will then write an ITDF-1300 style report.
You will create a 15 minute presentation and give it to the class. The class and instructor will ask
you questions about your report and critique the presentation.
This is to be considered a major project. Only two discovery event presentations will be allowed
per week. First come, first serve. The presentation day must be requested via email, and
approved by me one week (7 calendar days) in advance. It is your responsibility to choose the
topic, have it approved, and schedule the presentation.
These discovery events will be a regular assignment throughout the Digital Forensic course of
study.
Attendance- See the classroom attendance policy on this topic for the explanation.
Participation- This is not a lecture only class. Daily participation is required. Like attendance,
you will start with a 100%. Points will be deducted weekly for not participating in the class
discussion or group activities.
Extra Credit- May be assigned at my sole discretion. Any extra credit will be given out in a fair
and equitable manner to the entire class. Do not request extra credit to replace a missed
assignment, test or quiz; it will not be granted.
Weight
Category            Assigned Weight
Labs                40%
Assignments         7.5%
Quiz                7.5%
Major Tests         20%
Discovery Event     15%
Attendance          10%
Grade Disputes
If you have a grade dispute for any assignment, quiz or test, you must submit a written or
emailed protest to the instructor within 7 calendar days of the grade being entered. After 7 days
the grade is permanent and will not be changed for any reason.
Course Calendar
This course calendar is a basic guide to assigned readings and what assignments are due. I
reserve the right to change the assignments as needed. Any changes will be communicated to you
in advance verbally or through eCampus.
Grading Category: Activity Title

12/21-12/23 Lesson 1: Computer Crime and Forensics Methods
Required Readings:
• Chapter 1, “Introduction to Forensics”
• Chapter 2, “Overview of Computer Crime”
• Chapter 3, “Forensic Methods and Labs”
• Chapter 15, “System Forensics Resources”
Discussion: Introductions
Discussion: Week 1 Discussions
Assignment: The Art of War
Lab:
• Lab 1: Introduction to File Systems
• Lab 2: Common Locations of Windows Artifacts
• Lab 3: Hashing Data Sets
• Lab 4: Drive Letter Assignments in Linux
Quiz: Complete Chapter Quizzes

1/4-1/8 Lesson 2: Collecting, Seizing, Protecting, and Recovering Evidence
Required Readings:
• Chapter 4, “Collecting, Seizing, and Protecting Evidence”
• Chapter 5, “Understanding Techniques for Hiding and Scrambling Information”
• Chapter 6, “Recovering Data”
Discussion: Week 2 Discussions
Assignment: The Art of War
Lab:
• Lab 5: The Imaging Process
• Lab 6: Introduction to Single Purpose Forensic Tools
• Lab 7: Introduction to the Autopsy Forensic Browser
Quiz: Complete Chapter Quizzes

1/11-1/14 Lesson 3: Systems Forensics and Incident Response
Required Readings:
• Chapter 7, “E-mail Forensics”
• Chapter 8, “Windows Forensics”
• Chapter 9, “Linux Forensics”
• Chapter 12, “Performing Network Analysis”
• Chapter 13, “Incident and Intrusion Response”
Discussion: Adding Forensics to Incident Response
Discussion: E-mail and the Law
Assignment: The Art of War
Lab:
• Lab 9: Analyzing a FAT Partition with Autopsy
• Lab 12: Communication Artifacts
• Lab 13: User Profiles and the Windows Registry
• Lab 14: Log Analysis
• Lab 15: Memory Analysis
Project: Lab 16: Forensic Case Capstone
Final Examination: Comprehensive Exam
Academic Honesty
The Richland College Statement on Academic Honesty
This statement clarifies academic honesty for the Richland College teaching learning
community. It identifies appropriate student behavior and describes teachers’ expectations of
students.
We—the Richland College faculty, administration, and staff—are committed to honesty
and fairness as we work with our students. We also expect our students to be honest and fair
in the work they submit to us. This statement on academic honesty describes:
1) what we expect from students.
2) the consequences of their failing to meet those expectations.
Note: As we use the terms “honesty” and “dishonesty,” we are referring to actions and
behaviors; we are not judging the character of our students.
The Richland College faculty believes only a small minority of students “cheat.” However, we
believe academically dishonest students cheat the academically honest students. Therefore, we
expect students who are aware of cheating to act honorably and report instances of academic
dishonesty to the faculty or the appropriate academic dean.
Expectations
1. We believe academic honesty is essential, and students should avoid actions that
misrepresent academic success. We believe Richland College students are academically
honest, and they want to be fair and honest in the assignments they submit.
These guidelines apply to all testing situations—tests administered in the classrooms, tests
administered in the Testing Center, and tests administered by someone other than the
professor.
2. All forms of cheating on tests are academically dishonest. Students cheat when they:
► participate in any activity that falsely represents their ability to answer test questions.
► copy—with or without permission—from another student’s test.
► use notes (either written or electronically stored in calculators or computers) or any
other unauthorized materials.
► request answers or assist other students with answers without authorization.
► obtain test questions prior to the test (soliciting or in any other way obtaining test
questions, answers, or portions of tests).
3. Students presenting another person’s work as their own is unacceptable. Often, academic
work permits and even encourages students to use another person’s words or ideas, but students
must document those words and ideas correctly. Therefore, students cheat when they:
► Summarize, paraphrase, or quote another person without giving proper credit.
► Submit papers written by someone else.
► Copy verbatim (word for word) from other sources (books, Internet, and other similar
materials).
When they have questions about when and how to credit other sources, students must seek
clarification from the faculty. These matters are the student’s responsibility.
4. Unauthorized collaboration on assignments or tests is unacceptable. Richland College
supports authorized collaborative, cooperative learning. Therefore, we encourage study groups
when students are preparing for tests, but students cheat when they:
► Provide other students with answers on homework assignments.
► Present work completed by someone else.
If they have a question about the appropriateness of collaboration, students should seek
clarification from the faculty. These matters are the student’s responsibility.
Consequences
1. Faculty determine the appropriate consequences for students who fail to be academically
honest. Even if the course syllabus fails to address the matter, students are obliged to be
academically honest. By enrolling in a course, students are promising to be academically honest.
2. As consequences for academic dishonesty, faculty may:
► assign a performance grade of “F” for the assignment or test.
► document the incident in the student’s Richland College file.
► assign additional work.
► take other appropriate disciplinary actions.
Repeated violations may result in the student’s expulsion or suspension from the college.
Students must understand that academic dishonesty carries serious consequences. However, if
they believe they have received unfair treatment, students can file a grievance as described in
the “Student Code of Conduct” in the Richland College Catalog or published in the DCCCD
Catalog at http://www1.dcccd.edu/cat0506/ss/code.cfm
Academic Progress: Students are encouraged to discuss academic goals and degree completion with their instructors. Specific
advising is available throughout the semester. Check http://richlandcollege.edu/admissions and
http://richlandcollege.edu/advising for more details.