INFOSEC
CPSC 484
Computer Crime Investigation
Course Description:
Study on procedures for identification, preservation, and extraction of electronic evidence. Auditing and investigation of network and host system intrusions, analysis and documentation of information gathered, and preparation of expert testimonial evidence will also be covered. Also forensic tools and resources for system administrators and information system security officers will be explored. Prerequisites: CPSC 160, 385,375 and 251 with grades of C or better.
Texts:
Title: Guide to Computer forensics and Investigations
Edition: 2
Authors: Nelson, Phillips, Enfinger, and Stewart
Publisher: Thomson, Course Technology
Chapters:
1. Computer Forensics and Investigations as a Profession
2. Understanding Computer Investigations
3. The Investigator's Office and Laboratory
4. Current Computer Forensics Tools
5. Processing Crime and Incident Scenes
6. Digital Evidence Controls
7. Working with Windows and DOS Systems
8. Macintosh and Linux Boot Processes and File Systems
9. Data Acquisition
10. Computer Forensics Analysis
11. Recovering Image Files
12. Network Forensics
13. E-Mail Investigations
14. Becoming an Expert Witness and Reporting Results of Investigations
Appendices
A: Certification Test References
B: Computer Forensics References
C: Procedures for Corporate High-Technology Investigations
Labs:
