Jan 19, 2021  
2016-2017 Catalog 
    
2016-2017 Catalog [PAST CATALOG]

CTS 207 - Digital Forensics 2

4 credit hours - Four hours of lecture and directed laboratory weekly; one term.
(Formerly CSI 208 - Cyber Forensics 2)

Recover and analyze digital evidence using industry standard commercial and open source. Practice preserving digital evidence. Learn how to evaluate operating systems and file systems in order to find and analyze evidence using basic Windows, Linux and Mac command line and GUI tools. Learn approaches to network forensic investigations while using investigation results to develop reports and testimony. Lab fee $100.

Prerequisite(s): CTS 170  or CJS 170 .

Crosslisted: Also offered as CJS 207 ; credit is not given for CTS 207 and CJS 207 .

Course Outcomes
Upon successful completion of this course, students will be able to:
  • Examine the functionality of the Windows OS as it relates to data storage and evidence.
    • Identify Windows FAT and NTFS hard disks, media and file systems.
    • Research the location of Windows artifacts.
    • Deduce how Windows artifacts were created in test environment.
    • Identify and locate Windows registry files.
  • Examine the functionality of the Linux OS as it relates to data storage and evidence.
    • Identify Linux ext formatted hard disks, media and file systems.
    • Research the location of Linux artifacts.
    • Deduce how Linux artifacts were created in a test environment.
  • Examine the functionality of the Macintosh OS as it relates to data storage and evidence.
    • Identify Mac OS HFS formatted hard disks, media and file systems.
    • Research the location of Mac OS artifacts.
    • Deduce how Mac artifacts were created in a test environment.
  • Practice preserving, handling and documenting digital evidence.
    • Compare legal and societal considerations of American and European forensic practices.
    • Preserve, extract and analyze digital forensic evidence.
    • Prepare and submit documentation of forensic analysis.
    • Prepare a forensic report.
    • Prepare a presentation of forensic findings.
  • Identify processes and communications in a network environment.
    • Identify system, security and event logs.
    • Recognize artifacts from at least three different web browsers.
    • Identify and locate Windows registry files.
Core Competencies
Core 1 Communication Core 2 Technology Fluency Core 3 Information Literacy Core 5 Self Management Core 6 Scientific Reasoning Core 9 Global Perspective Core 10 Innovative and Critical Thinking