CNIT 121: Computer ForensicsFall 2016 Sam BowneCRN 77242 Wed 6:10 - 9 pm SCIE 200ScoresOpen Lab Hours for Sci 214Schedule · Lectures · Projects · Speakers · Links · Home Page |
TextbookIncident Response & Computer Forensics, Third Edition by by Jason Luttgens, Matthew Pepe, and Kevin MandiaPublisher: McGraw-Hill Education; 3 edition (August 1, 2014) Sold by: Amazon Digital Services, LLC ASIN: B00JFG7152 Kindle edition: $36, Paper edition: $16 (prices I saw on 4-10-16 at Amazon) Buy from Amazon ($15 - $40) |
Catalog DescriptionForensics tools, methods and procedures for investigating computers. Data recovery techniques and evidence collection, protection of evidence, expert witness skills and computer crime investigation techniques. Analysis of various file systems and specialized diagnostic software to retrieve data. Prepares in part for CompTIA Security+ and maps to Computer Investigation Specialists exam.CSU
Examine computer media to discover evidence.
Outcome 1: Define and describe computer forensics investigations. |
Schedule | |||
---|---|---|---|
Wed 8-17 | 1 Real-World Incidents | ||
Wed 8-24 | 2 IR Management Handbook | ||
Fri 9-2 | Last Day to Add | ||
Wed 8-31 | 3 Pre-Incident Preparation | ||
Wed 9-7 | Quiz: Ch 1-3 Proj 1 & 2 due |
4 Getting the Investigation Started on the Right Foot 5 Initial Development of Leads | |
Wed 9-14 | Quiz: Ch 4 Proj 3 due |
6 Discovering the Scope of the Incident 7 Live Data Collection | |
Wed 9-21 | Quiz: Ch 6 & 7 |
8 Forensic Duplication | |
Wed 9-28 | Quiz: Ch 8 Proj 4 & 6 & 7 due |
9 Network Evidence | |
Wed 10-5 | Quiz: Ch 9 Proj 8 & 9 due |
10 Enterprise Services | |
Wed 10-12 | Quiz: Ch 10 Proj 10 & 5 due |
11 Analysis Methodology | |
Wed 10-19 | Quiz: Ch 11 Proj 11 due |
12 Investigating Windows Systems (Part 1) (Video for second half of class was lost) | |
Mon 10-24 | Mid-term grades due | ||
Wed 10-26 |
Guest Speaker: No Quiz, no Proj due
Conrad del Rosario Please read this case document before the talk. Another reference: Healthy Paranoia Show 12: The Saga Of Terry Childs | ||
Wed 11-2 | No Quiz Proj 12 & 13 due |
12 Investigating Windows Systems (Part 2) | |
Wed 11-9 | No Quiz Proj 14 due |
12 Investigating Windows Systems (Part 3) | |
Wed 11-16 | Quiz: Ch 12 Proj 15 due |
13 Investigating Mac OS X Systems | |
Wed 11-23 | Quiz: Ch 13 Proj 16 & 17 due |
14 Investigating Applications | |
Wed 11-30 | No Quiz Proj 18 due |
17 Remediation Introduction | |
Wed 12-7 | Last Class: No Quiz All Extra Credit Proj due |
16 Report Writing | |
Wed 12-14 | Final Exam | ||
Lectures | |
---|---|
Policy | |
Student Agreement | |
1 Real-World Incidents ·
KEY ·
PDF 2 IR Management Handbook · KEY · PDF 3 Pre-Incident Preparation · KEY · PDF 4 Getting the Investigation Started on the Right Foot & 5 Initial Development of Leads · KEY · PDF 6 Discovering the Scope of the Incident & 7 Live Data Collection · KEY · PDF 8 Forensic Duplication · KEY · PDF 9 Network Evidence · KEY · PDF 10 Enterprise Services · KEY · PDF 11 Analysis Methodology · KEY · PDF 12 Investigating Windows Systems (Part 1 of 3) · KEY · PDF 12 Investigating Windows Systems (Part 2 of 3) · KEY · PDF 12 Investigating Windows Systems (Part 3 of 3) · KEY · PDF 13 Investigating Mac OS X Systems · KEY · PDF 14 Investigating Applications · KEY · PDF 16 Report Writing · KEY · PDF 17 Remediation Introduction (Part 1) · KEY · PDF 18 Remediation Case Study
| |
Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert. |
Speaker Biography |
---|
Conrad del Rosario
Graduated law school in 1991 and have worked as a prosecutor for over 20 years. Worked in various criminal units at the SF DA's office including domestic violence, sexual assault, and narcotics before working identity theft and high technology crimes. Currently the managing attorney for the Economic Crimes Unit, part of our White Collar Division, where I oversee 5 attorneys including the high technology and identity theft teams. Currently assigned to the Rapid Enforcement Allied Computer Team (REACT) Task Force which is a consortium of local law enforcement agencies investigating high technology crimes based out of Silicon Valley, member of HTCIA, and currently a certified instructor for Peace Officer Standards and Training (POST) in the area of High Technology Investigations.
|