Digital Forensics

 

MGS 410/610 – Fall 2012

 

Instructor: David Murray

Email: djmurray@buffalo.edu      Skype: djmurrayub

Office: Jacobs 284                    Phone: 645-3249                                              

Office hours: Tuesday and Thursday 1:00 - 1:45 (or by appointment)

Web Site: http://www.mgt.buffalo.edu/departments/mss/djmurray/mgs410

 

Course Objectives:

This course provides students with an introduction to Digital Forensic Science and the systematic process of acquiring, authenticating and analyzing digital evidence.  Technical and managerial topics will be explored, providing students with both theoretical and practical hands-on experience using forensic equipment and software.  The additional topics of E-Discovery, Data Retention, Data Disposal, Litigation, Internal Investigations, Regulatory Compliance and Incident Response will also be discussed within the context of Digital Forensics.  Students will have an opportunity to work with commercial and open source forensic software programs.

 

As future managers in this digital world, you need to be familiar with Digital Forensics in order to make knowledgeable decisions to mitigate a variety of risks and facilitate compliance.  The course accomplishes this by:

 

  • Introducing basic concepts of digital forensic science
  • Exploring the specific areas of media, network and code forensics
  • Examining the role of digital forensics in public and private investigations
  • Examining the potential benefits, limitations and risks of digital forensics
  • Increasing awareness of managerial issues raised by the use of digital forensics
  • Providing “hands on” exercises to practice course material
  • Utilizing expert guest speakers in the fields of law, law enforcement and digital forensics

 

 

Course Materials:

·         Guide to Computer Forensics and Investigations 4th Edition, Nelson, Phillips, Steuart, Course Technology, 2010

 

 

Homework Assignments:

There are five homework assignments designed to help reinforce the material that has been covered in the lecture.  Completion of these assignments is crucial to your success in the class.  Homework assignments should always be submitted at the beginning of lecture on the due date.  Late assignments are not accepted and will receive a score of 0.  Any questions pertaining to your homework grades must be addressed within 2 weeks of the assignment due date.

 

 

Exams:

There will be a midterm exam during the semester and a non-cumulative final exam administered during finals week.  There are no make-up exams except under exceptional circumstances.

 

 

Final Team Project:

You will work in teams to research, write and present a term paper on a topic related to Digital Forensics.  Further details will be given in lecture.

 

 

Sleiman Forensic Lab:

The forensic lab is located in Jacobs 323 and may be accessed with your UB Card.  Commercial and open source forensic tools are available on the forensic systems.  Hardware write blockers are also available which can be used to properly acquire the digital evidence.

 

 

Course Conduct:

You are required to observe the rules of academic integrity and classroom conduct established by the University at Buffalo.  Cheating will not be tolerated.  Students found cheating will receive a grade of F for the course and may be subject to further disciplinary action by the School of Management and/or the University at Buffalo.  The University at Buffalo Academic Integrity policies are posted on the course website and should be reviewed carefully.

 

Assignments and Grading:

 

Assignment

Points

Homework Assignments (5)

65

Final Project

40

Midterm Exam

40

Final Exam

40

Response Papers (7)

15

Total

200

 

A course grade of A is 190 points and above, A- is 180 points and above, B+ is 175 points and above, B is 170 points and above, B- is 160 points and above, C+ is 155 points and above, C is 150 points and above, C- is 140 points and above, D is 130 points and above and a grade of F is earned if you receive fewer than 130 points.  Depending on the overall class performance, I reserve the right to adjust the scale.  My decision to adjust the scale will only be made at the end of the semester once all of the course grades are in.

 

According to University Regulations, a grade of Incomplete can only be given if the student is currently passing the course and circumstances prevent them from completing the semester.  Incomplete grades will not be given once the student has taken the final exam.  **November 9th is the last day to resign the course.

 

 

Tentative Course Schedule:

 

Date

Ch

Topics

Assignments

8/30

 

Course Introduction

 

 

 

Forensics Lab Introduction and Tour

 

 

1

Computer Forensics and Investigations as a Profession

 

 

3

The Investigator’s Office and Laboratory

 

9/6

 

Guest Speaker - Donald Szumigala from Cheektowaga Police Department

 

 

5

Processing Crime and Incident Scenes

 

9/13

 

Guest Speaker - Ty Sen from Phillips Lytle

Homework 1 due

 

2

Understanding Computer Investigations

 

 

4

Data Acquisition

 

9/20

6

Working with Windows and DOS Systems

 

 

 

Group Project Introduction

 

9/27

 

Guest Speaker - Mike McCartney from DIGITS LLC

Homework 2 due

 

 

Group Project Brainstorming

 

10/4

 

Guest Speaker - Tim Shanahan from IRS

 

 

8

Macintosh and Linux Boot Processes and File Systems

 

10/11

Midterm Exam (Chapters 1-6)

10/18

 

Heather Fisher and Shelly Mady from Ernst & Young

Homework 3 due

10/25

 

Guest Speaker - JP Midgley from Avalon Legal Technologies

 

 

9

Computer Forensics Analysis and Validation

 

11/1

 

Guest Speaker - Kris Meier from Station 28

Homework 4 due

 

11

Virtual Machines, Network Forensics and Live Acquisitions

 

11/8

 

Guest Speaker - Special Agent from FBI (4:00)

 

 

10

Recovering Graphics Files

 

11/15

 

Guest Speaker - Catherine Ullman from UB

Homework 5 due

 

 

Solid State Drives and Hard Drive Comparison

 

11/22

No Class.  Fall Recess

11/29

12

E-mail Investigations

 

 

13

Cell Phone and Mobile Device Forensics

 

12/6

 

Project Presentations

 

TBA

Final Exam (Chapters 8-13)