Course Content and Outcome Guide for CIS 286
- Course Number:
- CIS 286
- Course Title:
- Computer Forensics
- Credit Hours:
- Lecture Hours:
- Lecture/Lab Hours:
- Lab Hours:
- Special Fee:
Course DescriptionIntroduces computer security administrators to computer forensics. Includes setup and use of an investigator's laboratory, computer investigations using digital evidence controls, processing crime and incident scenes, performing data acquisition, computer forensic analysis, e-mail investigations, image file recovery, investigative report writing, and expert witness testimony. Includes maps to the IACIS certification. Prerequisites: CS140U and either CIS 240L or CIS 240M, or instructor permission. Audit available.
Intended Outcomes for the course
On successful completion of this course the student should be able to:
- Discuss and participate in incident response computer forensics investigations, recovery of digital evidence, testimony on evidence, and reporting on computer investigations.
Course Activities and Design
This course is presented by means of:
- on-campus lectures or on-line lessons
- group discussions
- individual lab assignments
- group lab assignments.
Students will be required to use essential tools to complete the lab assignments.
Outcome Assessment Strategies
Through exams and lab assignments students will be assessed to determine whether they are able to:
- Define and discuss the concepts of computer forensics.
- Explain the career of a computer forensics professional.
- Explain and apply the concepts of computer investigations.
- Setup and operate in an investigator's office and laboratory.
- Select and apply current computer forensics tools.
- Identify and apply current practices for processing crime and incident scenes.
- Explain and apply digital evidence controls.
- Explain and perform forensic analysis in various operating system environments.
- Explain the boot processes and disk structures of various operating system environments.
- Identify and apply current practices for data discovery recovery and acquisition.
- Conduct basic computer forensic analysis.
- Demonstrate the recovery of image files.
- Conduct basic network forensic analysis.
- Perform e-mail investigations.
- Act as expert witness and report results of investigations.
Course Content (Themes, Concepts, Issues and Skills)
- Computer forensics.
- Computer investigations.
- Computer forensics laboratory.
- Computer forensics tools.
- Crime and incident scenes
- Digital evidence practices.
- Data and image recovery.
- Network monitoring and forensic analysis.
- E-mail recovery and analysis.
- Testimony and reporting.