|
NORTH CENTRAL TEXAS COLLEGE
COURSE SYLLABUS
The North Central Texas College (NCTC) Course Syllabus provides the following as required by the Texas Higher Education Coordinating Board (THECB): (1) a brief description of the course including each major course requirement, assignment and examination; (2) the learning objectives for the course; (3) a general description of the subject matter of each lecture or discussion; and (4) any required or recommended readings. Contact information for the instructor is also provided. The Course Syllabus also provides institutional information to indicate how this course supports NCTC’s purpose and mission. Information specific to a particular section of the course will be included in the Class Syllabus and distributed to enrolled students.
|
|
|
Course Title: Computer System Forensics
|
|
Course Prefix & Number: ITSY2343
|
Section Number: 350
|
Term Code: 20/Sp2
|
|
Semester Credit Hours: 3
|
Lecture Hours: 32
|
Lab Hours: 32
|
|
Course Description (NCTC Catalog):
In-depth study of system forensics including methodologies used for analysis of computer security breaches. Collect document and evaluate evidence to perform postmortem analysis of a security breach.
|
|
Course Prerequisite(s):
|
|
o - Academic General Education Course (from Academic Course Guide Manual but not in NCTC Core)
o- Academic NCTC Core Curriculum Course
n - WECM Course
|
|
Name of Instructor:
|
Ervin Frenzel
|
|
Campus/Office Location:
|
Flower Mound Rm 201
|
|
Telephone Number:
|
806-570-7658
|
|
E-mail Address:
|
efrenzel@nctc.edu
|
|
Name of Chair/Coordinator:
|
Susan Svane
|
|
Office Location:
|
IT Career Connection Center
|
|
Telephone Number:
|
940-498-6438
|
|
E-mail Address:
|
SSvane@nctc.edu
|
My contact information is listed above and if you are experiencing difficulty with any portion of this course, contact me immediately – I cannot help if I do not know there is a problem. I am available through email but may take longer to respond, if the contact is critical call me. My phone is on from 0700 to 2000 daily, but I may not be available to answer a phone call immediately, as I may be in class or in a meeting, I will return your call as soon as I can during this time frame. I am available during the day on Friday, Saturday, and Sunday.
Class schedule for this semester
|
Time
|
Mon
|
Location
|
Tues
|
Location
|
Wed
|
Location
|
Thurs
|
Location
|
Fri
|
|
18:00-
21:50
|
|
|
ITSY - 2445
|
FM201
|
|
|
|
|
|
|
ITSY-1342 Online
|
|
ITSY-2330 Online
|
|
ITSY-2342 Online
|
|
ITSY-2343 Online
|
Office hours (online) Monday, Wednesday, and Thursday from 18:00 to 21:30
REQUIRED OR RECOMMENDED COURSE MATERIALS
Required – Text/Lab Materials:
ISBN: 978-1-63567-083-7
TITLE: CHFI Version 9 eBook w/ iLabs (Volumes 1 - 4) + ECC Exam Voucher (w/ Remote Proctoring Service)
COST: $772.50
This e-book is available through the bookstore or through Gilmore direct purchase only, its content can only be used by one individual - please do not attempt to purchase this through other channels as you will end up still having to purchase the iLabs and exam voucher.
LINK for purchase:
http://www.gilmore.ca/eccouncil/login.aspx
LABS CLOSING:
Labs are open from the beginning of the semester until the week they are assigned. They close at the end of the week they are assigned - that is because of the number of labs and students in various classes. They will not remain open until the end of the semester or be reopened without instructor consultation and agreement and only for extenuating circumstances. Thank you.
Labs will be selected “Hands on Projects” at the end of each chapter. No additional purchase is required for these as they are part of the iLabs.
Recommended: Flash Drive. You are required to keep all lab work until the end of the semester.
COURSE REQUIREMENTS, EVALUATION METHODS, and GRADING CRITERIA
|
# of Graded Course Elements
|
Graded Course Elements
|
Weighted Percentage Values
|
|
41
|
Labs (based upon each weeks chapters – lowest 3 will be dropped)
|
40% of grade
|
|
12
|
Discussion (weekly discussions, lowest grade will be dropped)
|
25% of grade
|
|
12
|
Quizzes (lowest grade will be dropped)
|
25% of grade
|
|
16
|
Attendance and in class participation (lowest grade will be dropped)
|
10% of grade
|
|
|
A
|
>=89.5%
|
|
D >=59.5%
|
|
|
B
|
>=79.5%
|
|
F <=59.49%
|
|
|
|
C
|
>=69.5%
|
|
|
|
In-depth study of system forensics including methodologies used for analysis of computer security breaches. Collect document and evaluate evidence to perform postmortem analysis of a security breach.
STUDENT LEARNING OUTCOMES
WECM End-of-Course Outcomes: Identify computer investigation issues; identify legal issues associated with computer investigations; collect document evidence and evaluate evidence; and evaluate network traffic.
In this class we will learn how to plan for, react to, manage and recover from cyber-attacks (incidents). This class will focus on correctly creating a plan for an organization and responding to an incident (based upon the National Institute of Science and Technology or NIST methodologies). This course is meant to serve as a foundation for the student to prepare for an incident within their workplace environment.
At the successful completion of this course the student will be able to:
- Identify computer investigation issues
- Identify legal issues associated with computer investigations
- Collect document evidence
- Evaluate evidence
- Evaluate network traffic
|
Attendance is based on participation in the class, so you are expected to actively participate in the assignments and the graded discussion forums on a weekly basis. I also expect you to check your email everyday on M-F for any additional content.
A class meetings will be held Tuesday and Thursday, if you cannot attend you must let me know prior to the class being held, otherwise I will expect to see you there. Exams are not allowed to be turned in late (exam integrity). Discussion questions are only opened during the week in which they are due.
Last Day to Withdraw: For the Fall 2019 (FA2) semester, the last day to withdraw from a course with a “W” is November 25, 2019. If a student decides to officially drop this course, then it is the student’s responsibility to submit the required forms to the registrar. Students who cease attending and who do not complete a drop slip prior November 25, 2019 will earn a grade of “F”.
CLASSROOM DISCUSSION POLICY
Classroom discussions are available only during the week that they are intended to be available, submissions are only accepted based upon work turned in during that week. A complete listing of all discussion questions is available in the class room “Modules” area. You are allowed to read ahead and prepare your initial responses.
Initial responses are expected to be approximately 250 words (may be more or less as long as they have what can be deemed to be substantive content and grounded in relevant concepts).
Peer responses are expected to be approximately 250 words (combined) these must have substantive content and grounded in relevant concepts.
**No personal attacks will be tolerated during the classroom discussions, first offense is a notice/warning, second offense depending upon the offense can involve office of student affairs.**
Tentative Schedule for ITSY-2343 Sec 350 – Computer System Forensics
|
Week
|
Open
|
Thursday
|
Lock Date
|
Chapter
|
Assignment
|
Chapters Covered
|
|
1
|
23-Mar
|
26-Mar
|
28-Mar
|
1,2
|
Read
|
Chapter 01 – Computer Forensics in Today’s World
Chapter 02 – Computer Forensics Investigation Process
|
|
|
|
26-Mar
|
28-Mar
|
|
Lab
|
|
|
|
26-Mar
|
28-Mar
|
|
Discussion
|
|
|
|
26-Mar
|
28-Mar
|
|
Quiz
|
|
2
|
29-Mar
|
2-Apr
|
4-Apr
|
3,4
|
Read
|
Chapter 03 – Understand Hard Disks and File Systems
Chapter 04 – Data Acquisition and Duplication
|
|
|
|
2-Apr
|
4-Apr
|
|
Lab
|
|
|
|
2-Apr
|
4-Apr
|
|
Discussion
|
|
|
|
2-Apr
|
4-Apr
|
|
Quiz
|
|
3
|
5-Apr
|
9-Apr
|
11-Apr
|
5,14
|
Read
|
Chapter 05 – Defeating Anti-forensic Techniques
Chapter 14 – Forensics Report Writing and Presentation
|
|
|
|
9-Apr
|
11-Apr
|
|
Lab
|
|
|
|
9-Apr
|
11-Apr
|
|
Discussion
|
|
|
|
9-Apr
|
11-Apr
|
|
Quiz
|
|
4
|
12-Apr
|
16-Apr
|
18-Apr
|
6
|
Read
|
Chapter 06 – Operating System Forensics
|
|
|
|
16-Apr
|
18-Apr
|
|
Lab
|
|
|
|
16-Apr
|
18-Apr
|
|
Discussion
|
|
|
|
16-Apr
|
18-Apr
|
|
Quiz
|
|
|
|
14-Apr
|
16-Apr
|
1-6,14
|
|
Cumulative Mid-Term
|
|
5
|
19-Apr
|
23-Apr
|
25-Apr
|
7
|
Read
|
Chapter 07 – Network Forensics
|
|
|
|
23-Apr
|
25-Apr
|
|
Lab
|
|
|
|
23-Apr
|
25-Apr
|
|
Discussion
|
|
|
|
23-Apr
|
25-Apr
|
|
Quiz
|
|
6
|
26-Apr
|
30-Apr
|
2-May
|
8,9
|
Read
|
Chapter 08 – Investigating Web Attacks
Chapter 09 – Database Forensics
|
|
|
|
30-Apr
|
2-May
|
|
Lab
|
|
|
|
30-Apr
|
2-May
|
|
Discussion
|
|
|
|
30-Apr
|
2-May
|
|
Quiz
|
|
7
|
3-May
|
7-May
|
9-May
|
10,13
|
Read
|
Chapter 10 – Cloud Forensics
Chapter 13 – Mobile Forensics
|
|
|
|
7-May
|
9-May
|
|
Lab
|
|
|
|
7-May
|
9-May
|
|
Discussion
|
|
|
|
7-May
|
9-May
|
|
Quiz
|
|
8
|
10-May
|
12-May
|
14-May
|
11,12
|
Read
|
Chapter 11 – Malware Forensics
Chapter 12 – Investigating Email Crimes
|
|
|
|
12-May
|
14-May
|
|
Lab
|
|
|
|
12-May
|
14-May
|
|
Discussion
|
|
|
|
12-May
|
14-May
|
|
Quiz
|
|
|
|
11-May
|
13-May
|
1-14
|
|
Cumulative Final Exam
|
Fall 2018 School Master Schedule
|
Event
|
Fall 2019
|
Fall 2019
|
Fall 2019
|
Winter
|
|
1st 8-Week
|
2nd 8-Week
|
Mini-Mester
|
|
Last Day of 100% Refund for Courses Dropped
|
25-Aug
|
25-Aug
|
20-Oct
|
15-Dec
|
|
Classes Begin
|
26-Aug
|
26-Aug
|
21-Oct
|
16-Dec
|
|
Labor Day Holiday - College Closed
|
2-Sep
|
2-Sep
|
|
|
|
Official Date of Record
|
9-Sep
|
3-Sep
|
28-Oct
|
19-Dec
|
|
Last day to withdraw from a class with "W"
|
1-Nov
|
27-Sep
|
25-Nov
|
2-Jan
|
|
Thanksgiving Holiday - College Closed
|
27-Nov
|
|
|
|
|
Final Exams (see final exam schedule)
|
9 - 14 Dec
|
14-18 Oct
|
9 - 14 Dec
|
9-Jan
|
|
Commencement Ceremonies
|
13-Dec
|
|
|
|
|
Term Ends
|
14-Dec
|
18-Oct
|
14-Dec
|
9-Jan
|
|
Final Grades, Attendance Rosters & Grade Rolls due at Noon
|
14-Dec
|
19-Oct
|
15-Dec
|
10-Jan
|
|
Student Rights & Responsibilities
NCTC Board policy FLB (Local) Student Rights and Responsibilities states that each student shall be charged with notice and knowledge of the contents and provisions of the rules and regulations concerning student conduct. These rules and regulations are published in the Student Handbook published in conjunction with the College Catalog.
Other Pertinent Information
Dropping Courses:
If a student’s personal circumstances dictate that he or she needs to reduce his/her academic load, that student should confer with his/her advisor for assistance in adjusting the number of courses being taken. A grade of “W” will be given to students who officially withdraw from a course, or “drop”, at least by Thursday of the 11th week of a Fall or Spring semester, or a proportional number of weeks prior to the end of a flex-entry course or summer session. Any drops after this will be made with the approval of the instructor and the Department Chair.
It is the student’s responsibility to initiate the action necessary to drop courses under the conditions outlined above. This requires the completion of a petition for course drop form available in the Registrar’s Office on any NCTC Campus or by going to the NCTC website at www.nctc.edu and clicking on Admissions and Registration. Choose the forms on-line option and follow directions for submission of form. This form must be submitted on or before the last day to drop with a “W” (see Academic Calendar in front of catalog for specific date) and it is not available until after the official date of record. Prior to the official date of record, a student should go to the Registrar’s Office and complete the required forms.
Students who register for courses are required to drop any courses they no longer wish to attend or a final grade will be assigned. Instructors may drop students from courses for non-attendance by completing a petition for course drop.
Certificate Programs:
If you are planning to complete a certificate, you must take the competency exam prior to graduation. Contact Susan Svane at ssvane@nctc.edu within three weeks of graduation.
Scholastic Integrity
Scholastic dishonesty shall include, but not be limited to cheating on a test, plagiarism, and collusion. See Student Handbook “Student Rights & Responsibilities: Student Conduct [FLB (LOCAL)]” #20 on page 175.
Complaint Procedures
If the complaint involves a problem with an instructor, the student shall discuss the matter with the instructor before requesting a conference with the department chair… If the complaint involves a grade received, the student shall collect all tests, papers, daily assignments, class notes and other relevant material prior to the conference with the instructor in question. (See Student Handbook > Discussion of Complaint)
ADA Statement
North Central Texas College is committed to providing equal access to educational opportunities to its students with disabilities by providing assistance through “reasonable accommodations”; and a variety of services and resources through the Special Populations Office. The College does not discriminate on the basis of disabilities in admission or access to its programs. Students are responsible for notifying the office of their need for assistance at least two weeks prior to the beginning of a semester. Students with documented disabilities such as mobility, hearing or visual impairments, learning, and/or psychological disorders are eligible for services. The Special Populations Office on the Gainesville Campus is located in the Counseling/Testing Center room ASC 108 (next door to the bookstore). For assistance, call 940/668-4216 ext. 344.
Civil Rights
In compliance with Title VI of the Civil Rights Act of 1964 (P.L.88-352), Title IX of the Education Amendments of 1972 (P.L. 92-318). and the Age Discrimination Act of 1978 (P.L. 92-256), North Central Texas College does not discriminate against or exclude from participation in any of its programs or activities, either in the student body or the staff, any person on the grounds of sex, race, color, religion, age, handicap, national origin, or veteran status.
Web Page
Visit the North Central Texas College web page for information on registration, financial aid, counseling/advising, and cost of tuition and fees. You will also find information on the catalog and semester schedules as well as courses of study. You can keep up with what is happening on campus by checking the calendar of events and the sports news. The web has information on the library as well as links to other areas of interest. Check out our web page at http://www.nctc.edu .
Additional content for this course may be found in your Canvas account. Please check there for updates and news.
|
|
STUDENT SUPPORT SERVICES
Disability Services (OSD)
The Office for Students with Disabilities (OSD) provides accommodations for students who have a documented disability. A disability is anything that can interfere with learning, such as a learning disability, psychological challenge, physical illness or injury. Accommodations may include extra time on tests, tests in a distraction reduced environment, volunteer note taker in class, etc.
On the Corinth Campus, go to room 170 or call 940-498-6207. On the Gainesville Campus, go to room 110 in the Administration (100) Building or call 940-668-4209. Students on the Bowie, Graham, Flower Mound, and online campuses should call 940-668-4209 to arrange for an intake appointment with OSD.
North Central Texas College is on record as being committed to both the spirit and letter of federal equal opportunity legislation, including the Americans with Disabilities Act (ADA) of 1990, ADA Amendments Act of 2009, and Section 504 of the Rehabilitation Act of 1973 (P.L. 93-112).
http://www.nctc.edu/StudentServices/SupportServices/Disabilityservices.aspx
Support Services
Counseling and Testing staff offer a variety of services to current and prospective students, such as College 101, placement testing, academic advising and course registration, transfer assistance, and College Success seminars (Time Management, Study Skills, Test Anxiety, Choosing a Major, Learning Style Strategies, Career Exploration), and much more. http://www.nctc.edu/StudentServices/CounselingTesting.aspx
Student Success offers academic coaching, tutoring, including a Writing Center, a Math Lab, free 24/7 online tutoring through Grade Results and assist new students acclimate to college by providing computer lab services for prospective students. First generation students can also participate in TRIO which offers specialized support services.
http://www.nctc.edu/StudentServices/SupportServices.aspx
Financial Aid offers financial resources for students that qualify, visit the financial aid offices for more information. http://www.nctc.edu/FInancialAidHome.aspx
EEOC Statement
North Central Texas College does not discriminate on the basis of race, color, national origin, gender, religion, age, or disability in the employment or the provision of services.
Early Alert and NCTC Cares
The NCTC Early Alert program has been established to assist students who are at risk of failing or withdrawing from a course. Your instructor may refer you to this program if you are missing assignments, failing tests, excessively absent, or have personal circumstances impacting your academic performance. If submitted as an Early Alert you will be notified via your NCTC e-mail address and then contacted by a Counseling and Testing advisor or counselor to discuss possible strategies for completing your course successfully.
The NCTC CARES (Campus Assessment Response Evaluation Services) Team addresses behavior which may be disruptive, harmful or pose a threat to the health and safety of the NCTC community-such as stalking, harassment, physical or emotional abuse, violent or threatening behavior, or self-harm. As a student, you have the ability to report concerning behavior which could impact your own safety or the safety of another NCTC student. Just click the NCTC CARES Team logo posted on MyNCTC, or send an e-mail to CARESTeam@nctc.edu. As always, if you feel there is an immediate threat to your own safety or welfare (or to another student), please call 911 immediately.
Student Success Center
The Student Success Center is designed to help all students at NCTC develop tools to achieve their academic goals. The center links students to FREE tutoring, including a Writing Center, a Math Lab, and free online tutoring in the evening. The program helps students acclimate to college by providing students free interactive workshops. For more information, please visit your nearest Student Success Center.
Tobacco-Free Campus
NCTC restricts the use of all tobacco products including cigarettes, cigars, pipes and smokeless tobacco on campus property.
|
|
|
|
Unit Competencies
1. Understand fundamental concepts of incident response and forensic, perform electronic evidence collection and digital forensic acquisition.
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
2. Understand web application forensics and its architecture, interpret the steps for web attacks, Apache web server architecture and its logs investigation
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
3. Conduct thorough examinations of computer hard disk drives, and other electronic data storage media and recover information and electronic data from computer hard drives and other data storage devices
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
4. Understand the strict data and evidence handling procedures, maintain audit trail (i.e., chain of custody) and/or evidence of integrity, work on technical examination, analysis and reporting of computer based evidence, preparing and maintaining case files
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
5. Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files, gather volatile and nonvolatile information from Windows, MAC and Linux, and recover deleted files and partitions in Windows, Mac OS X, and Linux
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
6. Understand network forensics and its steps involved, examine the network traffic, understand the email terminology and its characteristics, review the steps for investigating the email crimes
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
7. Understand the planning, coordination and direct recovery activities and incident analysis tasks, examination of all available information and supporting evidence or artifacts related to an incident or event
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
8. Perform data collection using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents, conduct reverse engineering for known and suspected malware files, and Identify of data, images and/or activity which may be the target of an internal investigation
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
9. Perform the mobile forensics and illustrate its architecture, determine the mobile storage and its evidence
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
10. Search file slack space where PC type technologies are employed, file MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences, examine file type and file header information, review e-mail communications; including web mail and Internet Instant Messaging programs, and examine the internet browsing history
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
11. Understand the reports generation which detail the approach and an audit trail which documents actions taken in order to support the integrity of the internal investigation process, recover active, system and hidden filenames with date/time stamp information, define expert witness and its roles
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
12. Crack (or attempt to crack) password protected files, perform anti-forensic methods detection, execute a file and view the data contents, and maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
13. Understand the role of first responder by securing and evaluating cyber crime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene, and perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
14. Understand database forensics, determine the database repositories, understand the cloud concepts and attacks on cloud. The significance of cloud forensics and distinguish their types
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
15. Extract and analyze of logs from various devices like proxy, firewall, IPS, IDS, Desktop, laptop, servers, SIM tool, router, firewall, switches AD server, DHCP logs, Access Control Logs & conclude as part of investigation process.
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.
16. Ensure reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality, verify the correctness of the computer's internal clock, assist in the preparation of search and seizure warrants, court orders, and subpoenas, and provide expert witness testimony in support of forensic examinations conducted by the examiner
Assessment:
Lab/Homework Project evaluations
Multiple Select & Multiple Choice quiz for each Chapter
Multiple Select & Multiple Choice exam over textbook.