Digital Forensics
MGS 410/610 – Fall 2012
Instructor:
David Murray
Email:
djmurray@buffalo.edu Skype:
djmurrayub
Office:
Jacobs 284 Phone:
645-3249
Office
hours: Tuesday and Thursday 1:00 - 1:45 (or by appointment)
Web
Site: http://www.mgt.buffalo.edu/departments/mss/djmurray/mgs410
Course
Objectives:
This course provides students with an introduction to
Digital Forensic Science and the systematic process of acquiring,
authenticating and analyzing digital evidence.
Technical and managerial topics will be explored, providing students
with both theoretical and practical hands-on experience using forensic
equipment and software. The additional
topics of E-Discovery, Data Retention, Data Disposal, Litigation, Internal
Investigations, Regulatory Compliance and Incident Response will also be
discussed within the context of Digital Forensics. Students will have an opportunity to work with
commercial and open source forensic software programs.
As future managers in this digital world, you need to be
familiar with Digital Forensics in order to make knowledgeable decisions to
mitigate a variety of risks and facilitate compliance. The course accomplishes this by:
Course
Materials:
·
Guide
to Computer Forensics and Investigations 4th Edition, Nelson, Phillips, Steuart, Course Technology, 2010
Homework
Assignments:
There are five homework assignments designed to help
reinforce the material that has been covered in the lecture. Completion of these assignments is crucial to
your success in the class. Homework
assignments should always be submitted at the beginning of lecture on the due
date. Late assignments are not accepted and will receive a score of 0. Any questions pertaining to your homework
grades must be addressed within 2 weeks of the assignment due date.
Exams:
There will be a midterm exam during the semester and a
non-cumulative final exam administered during finals week. There are no make-up exams except under
exceptional circumstances.
Final
Team Project:
You will work in teams to research, write and present a term
paper on a topic related to Digital Forensics.
Further details will be given in lecture.
Sleiman
Forensic Lab:
The forensic lab is located in Jacobs 323 and may be
accessed with your UB Card. Commercial
and open source forensic tools are available on the forensic systems. Hardware write blockers are also available
which can be used to properly acquire the digital evidence.
Course
Conduct:
You are required to observe the rules of academic integrity
and classroom conduct established by the University at
Assignments
and Grading:
Assignment |
Points |
Homework Assignments (5) |
65 |
Final Project |
40 |
Midterm Exam |
40 |
Final Exam |
40 |
Response Papers (7) |
15 |
Total |
200 |
A course grade of A is 190 points and above, A- is 180
points and above, B+ is 175 points and above, B is 170 points and above, B- is
160 points and above, C+ is 155 points and above, C is 150 points and above, C-
is 140 points and above, D is 130 points and above and a grade of F is earned
if you receive fewer than 130 points.
Depending on the overall class performance, I reserve the right to
adjust the scale. My decision to adjust
the scale will only be made at the end of the semester once all of the course
grades are in.
According to University Regulations, a grade of Incomplete
can only be given if the student is currently passing the course and
circumstances prevent them from completing the semester. Incomplete grades will not be given once the
student has taken the final exam. **November
9th is the last day to resign the course.
Tentative
Course Schedule:
Date
|
Ch
|
Topics
|
Assignments |
8/30 |
|
Course Introduction |
|
|
|
Forensics Lab Introduction and Tour |
|
|
1 |
Computer Forensics and Investigations as a Profession |
|
|
3 |
The Investigator’s Office and Laboratory |
|
9/6 |
|
Guest Speaker - Donald Szumigala from Cheektowaga Police
Department |
|
|
5 |
Processing Crime and Incident Scenes |
|
9/13 |
|
Guest Speaker - Ty Sen from Phillips Lytle |
Homework
1 due |
|
2 |
Understanding Computer Investigations |
|
|
4 |
Data Acquisition |
|
9/20 |
6 |
Working with Windows and DOS Systems |
|
|
|
Group Project Introduction |
|
9/27 |
|
Guest Speaker - Mike McCartney from DIGITS LLC |
Homework
2 due |
|
|
Group Project Brainstorming |
|
10/4 |
|
Guest Speaker - Tim Shanahan from IRS |
|
|
8 |
Macintosh and Linux Boot Processes and File Systems |
|
10/11 |
Midterm Exam (Chapters 1-6) |
||
10/18 |
|
Heather Fisher and Shelly Mady from Ernst & Young |
Homework
3 due |
10/25 |
|
Guest Speaker - JP Midgley from Avalon Legal Technologies |
|
|
9 |
Computer Forensics Analysis and Validation |
|
11/1 |
|
Guest
Speaker - Kris Meier from Station 28
|
Homework
4 due |
|
11 |
Virtual
Machines, Network Forensics and Live Acquisitions
|
|
11/8 |
|
Guest Speaker - Special Agent from FBI (4:00) |
|
|
10 |
Recovering Graphics Files |
|
11/15 |
|
Guest
Speaker - Catherine Ullman from UB
|
Homework
5 due |
|
|
Solid
State Drives and Hard Drive Comparison
|
|
11/22 |
No Class. Fall Recess |
||
11/29 |
12 |
E-mail
Investigations
|
|
|
13 |
Cell
Phone and Mobile Device Forensics
|
|
12/6 |
|
Project
Presentations
|
|
TBA |
Final Exam (Chapters 8-13) |