IA Course CPSC 4680/5680

Computer Crime Investigation & Computer Forensics

Catalog Description:                                                                    

A study of procedures for the identification, preservation, and extraction of electronic evidence. The course also covers auditing and investigation of network and host system intrusions, analysis and documentation of the information gathered, and preparation of expert testimonial evidence. Forensic tools and resources for system administrators and information system security officers are also explored.


Course Outcomes: 

  • To familiarize students with ethical perspectives and practices in computing by teaching them about the existence of computer abuse, the laws pertaining to such abuse, and legal gray areas. This objective can be achieved through the teaching of morality, ethics, security, privacy, intellectual property rights, and the reliability of software products.
  • To give students technical know-how in computer network security so that they are able not only to identify computer system vulnerabilities but also to deal with a number of them.
  • To give students a legal and investigative framework, understanding, and competence through the study of computer forensics. Students will not only know how to deal with security breaches, they will also be able to deal with the aftereffects of such breaches through investigation and prosecution of the culprits.
  • To provide students with the context to appreciate the value of technology and to understand that technology is not neutral, that it creates ethical and moral muddles that must be dealt with.
  • To create and nurture an ideal atmosphere for academic dialogue, debate, and question-answer sessions among students intended to deepen their understanding of technology and its effects on society.  
  • To improve students’ oral and written communication skills.
  • To affect their behavior by challenging them to examine ethical and moral situations, think through them and identify relevant support systems.


Nelson, Bill, Amelia Phillips, Frank Enfinger, and Chris Steuart. Guide to Computer Forensics and Investigations. 3rd Edition, Thomson Course Technology, 2008.

Mandia, K., Prosise, C., and Pepe, M. Incident Response and Computer Forensics. Second Edition, Osborne-McGraw Hill, 2003.

Please check this link from the UTC InfoSec center for additional resources for your course work and paper: http://www.utc.edu/center-information-security-assurance/resources.php.


  • Understanding Computer Forensics
  • Understanding Computer Investigations
  • Working with Windows and MS-DOS Systems (FAT, UNIX, NTFS File Systems)
  • Mac and Linux Boot Processes and Disk Structure
  • Digital Evidence  Collection and Controls
  • Processing Crime and Incident Scenes
  • Data Acquisition
  • Computer Forensics Analysis
  • E-mail Investigations
  • Recovering Image Files
  • Writing Investigative Reports

Class Notes and schedule

(To see notes, click on the week number.)



| Week | Lecture Topic | Laboratory Activity |
|---|---|---|
| Week 1 | Introduction. Nature of Forensics Evidence. Ethical Issues. Legal Issues I. | Ethics Case, Seizure Proceedings |
| Week 2 | Evidence Collection. Email Tracing. Internet Fraud. | Email Trace. URL Obscuring. Password Cracking. |
| Week 3 | Legal Issues II. Hard Drive Facts. FAT File Systems I. Hard Drive Imaging. | Hard Drive Mirroring. Understanding MBR and BPB |
| Week 4 | NTFS, UNIX File Systems II. Searching for Evidence on a Hard Drive I. | Evidence Search at Byte Level. |
| Week 5 | FAT, NTFS, UNIX File Systems III. Searching for Evidence on a Hard Drive II. | Evidence Search with Forensics Tool. |
| Week 6 | Live Systems Investigations. | Creation of Forensics Boot Disks. Emergency Assessment of a UNIX system. |
| Week 7 | Network Protocols. Network Analysis. | Introduction to network scanning tools. Ethereal, TCPDump. |
| Week 8 | Hacking I. | Network Scanning. Traffic Analysis. Snort. |
| Week 9 | Hacking II. Organizational Security. | Denial of Service Attacks. |
| Week 10 | Incident Response Policies. Incident Reporting. Forensics and Intrusion Detection Tools. | Network Vulnerability Tools. |
| Week 11 | E-mail Investigations | |
| Week 12 | Recovering Image Files | |
| Week 13 | Writing Investigative Reports | |
| Week 14 | Presentation of Reports | |




  • 9 Of 10 Companies Hit By Computer Crime, FBI Says; According to the FBI's most recent survey, one of five organizations also admitted that it had been victimized by 20 or more attacks. (Federal Bureau of Investigation report) (Brief Article). (January 01, 2006). InformationWeek.
  • Welch, T. (September 06, 1997). Computer Crime Investigation and Computer Forensics. Information Systems Security, 6, 2, 56-80.
  • Colaguori, C. (December 01, 2012). Computer crime, investigation, and the law. Police Practice and Research, 13, 6, 539-540.
  • Barmaki, R. (January 01, 2012). Computer Crime, Investigation, and the Law. (Book review). Criminal Justice Review, 37, 1, 132-133.
  • Handbook of Computer Crime Investigation: Forensic Tools and Technology. (INVESTIGATIONS) (Book Review). (January 01, 2005). Security Management, 49, 3.
  • Computer Forensics: Computer Crime Scene Investigation, Second Edition, by John Vacca, provides an overview of computer crime. (July 01, 2005). Communications News, 42, 7, 10.
  • McCollum, T. (November 01, 1997). Computer crime. Nation's Business, 85, 11, 18-28.
  • Kosiba, T. P. (January 01, 2003). Handbook of computer crime investigation: forensic tools and technology. Forensic Science Communications, 5, 2.
  • Investigating Computer Crime. (January 01, 1997). FBI Law Enforcement Bulletin, 66, 3, 15.
  • Carter, D. L. (January 01, 1995). Computer Crime Categories. FBI Law Enforcement Bulletin, 64, 7, 21.


  • Kizza, J. M. (2013). Ethical and social issues in the information age. London: Springer London.
  • Vacca, J. R., & Rudolph, K. (2010). System forensics, investigation, and response. Sudbury, MA: Jones & Bartlett Learning.
  • Maras, M.-H. (2012). Computer forensics: Cybercriminals, laws, and evidence. Sudbury, Mass: Jones & Bartlett Learning.
  • Leonard, V. A. (1971). Criminal investigation and identification. Springfield, Ill: Thomas.
  • James, S. H., & Nordby, J. J. (2003). Forensic science: An introduction to scientific and investigative techniques. Boca Raton, Fla: CRC Press.
  • Kim, K. J., & Chung, K.-Y. (2013). IT convergence and security 2012. Dordrecht: Springer.
  • Sammons, J. (2012). The basics of digital forensics: The primer for getting started in digital forensics. Amsterdam: Elsevier/Syngress.


Secure Use

General Security Policy: Cyber Ethics

Cyber Ethics 

General Security Policy: Information Technology Security Evaluation Criteria (ITSEC)

ITSEC Definition 

General Procedures: Inference

Inference Definition 

General Procedures: Rainbow Series

Rainbow Series 

General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems

NSTISS Glossary 

General Countermeasures and Safeguards: Computer Law

Computer Law 

General Countermeasures and Safeguards: Computer Media

Computer Media 

General Countermeasures and Safeguards: Evaluate Security Testing Tools

Security Testing Tools 

Administrative Countermeasures/Safeguards: Control Management

Change Control 
Control Management 

Administrative Countermeasures/Safeguards: Privacy Act

Privacy Act of 1974 

Operations Policies/Procedures: Keystroke Monitoring

Keystroke Monitoring 

Operations Policies/Procedures: Disaster Recovery Planning

Disaster Recovery 


Policy and Procedures: Incident Response

Incident Response 

Policy and Procedures: Witness Interrogation

Witness Interrogation 

Operations Countermeasures/Safeguard: Computer Attacks

Computer Attacks 
Computer Virus Timeline 

Operations Countermeasures/Safeguard: Computer Emergency Readiness Teams



Administrative Policies/Procedures: Approval to Operate

Approval to Operate 

Administrative Policies/Procedures: Configuration/Change Control

Change Control 

Administrative Policies/Procedures: Copyright Protection

Copyright Protection 

Administrative Policies/Procedures: Patch Management

Patch Management 

Administrative Policies/Procedures: Records Management

Records Management

Administrative Policies/Procedures: Wireless Use Policies

Wireless Use Policy 

Anomalies and Integrity

General Risk Management: Computer System Risk Management

Risk Management 

Access Control Safeguards: Computer System Access Control

Access Control 

Access Control Safeguards: Protected Distribution Systems

Protected Distribution System 

Access Control Safeguards: Information Systems Access Restrictions

Access Restrictions 


Access Control Mechanisms: KMI Applications

Key Management 

Access Control Mechanisms: Single Sign-on

Single Sign On 

IA Sites