CNIT 121: Computer ForensicsSpring 2014 Sam BowneCRN 33817 Wed 6:10 - 9 pm MUB 330ScoresOpen Lab Hours for Sci 214Schedule · Lecture Notes · Projects · Speakers · Links · Home Page |
TextbookComputer Forensics Infosec Pro Guide by David CowenPublisher: McGraw-Hill Osborne Media; 1 edition (March 13, 2013) Sold by: Amazon Digital Services, Inc. ASIN: B00BPO7AP8 Kindle edition: $25, Paper edition: $27 (prices I saw on 11-19-13 at Amazon) Buy from Amazon |
Catalog DescriptionThe class covers forensics tools, methods, and procedures used for investigation of computers, techniques of data recovery and evidence collection, protection of evidence, expert witness skills, and computer crime investigation techniques. Includes analysis of various file systems and specialized diagnostic software used to retrieve data. Prepares for part of the industry standard certification exam, Security+, and also maps to the Computer Investigation Specialists exam.
Examine computer media to discover evidence.
|
Schedule (may be revised) | |||
---|---|---|---|
Wed 1-15 | 1 What is Computer Forensics? & 2 Learning Computer Forensics | ||
Wed 1-22 | 3 Creating a Lab | ||
Wed 1-29 | 4 How to Approach a Computer Forensics Investigation | ||
Thu 1-30 | Last Day to Add | ||
Wed 2-5 | Quiz: Ch 1-4 Proj 1 & 2 due * |
5 Choosing Your Procedures | |
Wed 2-12 | Quiz: Ch 5 |
6 Testing Your Tools & Best Practices | |
Wed 2-19 | Quiz: Ch 6 &
Best Practices Proj 3 & 4 & 5 due * |
7 Live vs. Postmortem Forensics | |
Sun. Feb. 23 - Mon. Feb. 24 | B-Sides San Francisco (extra credit) | ||
Wed 2-26 |
No Class--We will have a special presentation on the Pass the Hash, a powerful attack hackers have been using to compromise Windows systems for 15 years. Microsoft finally patched it in Windows 8.1. (This is worth extra credit) 6:30 to 8:30 at CCSF's Chinatown campus, 808 Kearny St., Fourth floor Presenting will be one of Microsoft's top security researchers, Nathan Ide who developed the "fix" at Microsoft. | ||
Wed 3-5 | Quiz: Ch 7 Proj 6 & 7 due |
8 Capturing Evidence | |
Wed 3-12 |
Conrad del Rosario Assistant District Attorney San Francisco District Attorney's Office White Collar Crimes Division Case study on the Terry Childs case & more | ||
Wed 3-19 | Quiz: Ch 8 Proj 8 & 9 due * |
9 Nontraditional Digital Forensics | |
Wed 3-26 | Quiz: Ch 9 Proj 10 due * |
10 Establishing the Investigation Type and Criteria & 11 Human Resources Cases | |
Wed 3-26 | Mid-term grades due | ||
Wed 4-2 | Holiday--No Class | ||
Wed 4-9 | Quiz: Ch 10 & 11 Proj 12 & 13 due |
12 Administrator Abuse | |
Wed 4-16 | Quiz: Ch 12 Proj 11 & 14 due |
13 Stealing Information | |
Tue 4-17 | Last Day to Withdraw | ||
Wed 4-23 | Quiz: Ch 13 Proj 15 & 16 due |
14 Internal Leaks | |
Sat 4-26 | Wardriving 9 AM CLOU 218 | ||
Wed 4-30 | Quiz: Ch 14 & Proj 17 Proj 17 due |
15 Keyloggers and Malware | |
Wed 5-7 | Quiz: Ch 15 Proj 18 due |
16 Documenting Your Findings with Reports & 17 Litigation and Reports for Court and Exhibits | |
Wed 5-14 |
Guest Speaker: Johnathan Cran Bug Bounties and Opportunities at BugCrowd
Last Class |
||
Wed 5-21 | Final Exam | ||
* Requires DVD--available in SCIE 214 |
Speaker Biographies |
---|
Conrad del Rosario
Graduated law school in 1991 and have worked as a prosecutor for over 20 years. Worked in various criminal units at the SF DA's office including domestic violence, sexual assault, and narcotics before working identity theft and high technology crimes. Currently the managing attorney for the Economic Crimes Unit, part of our White Collar Division, where I oversee 5 attorneys including the high technology and identity theft teams. Currently assigned to the Rapid Enforcement Allied Computer Team (REACT) Task Force which is a consortium of local law enforcement agencies investigating high technology crimes based out of Silicon Valley, member of HTCIA, and currently a certified instructor for Peace Officer Standards and Training (POST) in the area of High Technology Investigations.
|