CNIT 121: Computer Forensics

Fall 2022 Sam Bowne

CRN 72080 Sat 9:10 - 12 pm Remote

Schedule · Projects

This page is only for the schedule and videos.
For lectures, quizzes, and projects, go to:
https://ccsf.instructure.com/

If you're not enrolled at CCSF, enroll in my public Canvas here:

https://canvas.instructure.com/enroll/NBL8WX

After enrolling, you can view the course here:

https://canvas.instructure.com/courses/5211605


Schedule


Sat 8-20  Mod 1


Sat 8-27Mod 1 Quiz *
Mod 2 Quiz *
Proj H 101 - H 104 due *
Mod 2


Fri 9-2 Last Day to Add
Sat 9-3 Holiday: No Class

Sat 9-10Mod 3 Quiz
Proj F 60 & F 200 due
Mod 3


Sat 9-17 Class Cancelled for CircleCityCon

Sat 9-24Mod 4 Quiz
Autopsy Videos 0-2 due
Mod 4


Sat 10-1Mod 5 Quiz
Autopsy Videos 3-4 due
Mod 5


Sat 10-8Mod 6 Quiz
Proj F 201 & F 202 due
Mod 6


Sat 10-15Mod 7 Quiz
Proj F 210 due
Mod 7


Sat 10-22Mod 8 Quiz
Proj F 220 due
Mod 8


Sat 10-29 Velociraptor Demos


Sat 11-5Mod 9 Quiz
Proj M 144 due
Mod 9


Sat 11-12No Quiz
Proj F 230 due
Mod 10


Sat 11-19No Quiz
No Proj due
Class cancelled for CPTC

Sat 11-26 Holiday: No Class

Sat 12-3Mod 10+11 Quiz
Proj H 420 & F 211 due
Mod 11

Sat 12-10 Last Class: No new material

Tue 12-13
through
Tue 12-20
  Final Exam available online throughout the week.
You can only take it once.

All quizzes due 30 min. before class
* No late penalty until 9-10

Projects

Autopsy User Documentation

H 101-4: Binary Games (20 pts.)
F 60: Cloud Server on Azure (15 pts)
F 200: Examining a Forensic Image with Autopsy (15 pts.)
F 201: Rhino Hunt with Autopsy (15 pts + 10 extra)
F 202: Rhino Hunt with Wireshark (15 pts + 15 extra)
F 210: Memory Analysis with Autopsy (15 pts + 30 extra)
F 220: Capturing and Examining the Registry (15 pts)
F 221: Examining the Registry from a Disk Image (25 pts extra)
M 140: Android Studio Emulator (15 pts extra)
M 142: Rooting Android Studio's Emulator (15 pts extra)
M 143: Forensic Acquisition from Android (15 pts extra)
M 144: Android Analysis with Autopsy (10 pts)
F 230: iPhone Analysis with Autopsy (20 pts)
H 420: Wireshark (25 pts + 85 extra)
F 211: Memory Forensics of LastPass and Keeper (15 pts + 10 extra)

IR 100: Windows and Linux Machines (20 pts extra)
IR 371: Velociraptor Server on Linux (25 pts extra)
IR 372: Investigating a PUP with Velociraptor (40 pts extra)
IR 373: Investigating a Bot with Velociraptor (50 pts extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 pts extra)

Updated: 11-12-22 11:54 am