CNIT 121: Computer Forensics

Spring 2023 Sam Bowne

CRN 34257 Mon 6:10 - 9:00 pm SCIE 37

Schedule · Projects

This page is only for the schedule and videos.
For lectures, quizzes, and projects, go to:
https://ccsf.instructure.com/

If you're not enrolled at CCSF, use my public Canvas here:

https://canvas.instructure.com/enroll/WWHYE3

After enrolling, you can view the course here:

https://canvas.instructure.com/courses/5960568


Schedule

Mon 1-23  Mod 1: The Scope of Digital Forensics

Mon 1-30Mod 1 Quiz *
Mod 2 Quiz *
Proj H 101 - H 104 due *		 Mod 2: Windows Operating and File Systems

Fri 2-3 Last Day to Add
Mon 2-6Mod 3 Quiz
Proj F 60 & F 200 due		 Mod 3: Handling Computer Hardware
Mon 2-13Mod 4 Quiz
Autopsy Videos 0-2 due 		Mod 4: Acquiring Evidence in a Computer Forensics Lab
Mon 2-20 Holiday: No Class
Mon 2-27Mod 5 Quiz
Autopsy Videos 3-4 due 		Mod 5: Online Investigations
Mon 3-6Mod 6 Quiz
Proj F 201 & F 202 due 		Mod 6: Documenting the Investigation
Mon 3-13No Quiz
No Proj due 		TBA
Mon 3-20Mod 7 Quiz
Proj F 210 due 		Mod 7: Admissibility of Digital Evidence
Mon 3-27 Holiday: No Class
Mon 4-3Mod 8 Quiz
Proj F 220 due 		Mod 8: Network Forensics and Incident Response
Mon 4-10 Velociraptor Demos
Mon 4-17Mod 9 Quiz
Proj M 144 due		 Mod 9: Mobile Forensics
Mon 4-24No Quiz
Proj F 230 due		 Mod 10: Mobile App Investigations
Mon 5-1Mod 10+11 Quiz
Proj H 420 & F 211 due		 Mod 11: Mac Forensics
Mon 5-8 TBA
Mon 5-15 Last Class: No new material
Wed 5-17
through
Wed 5-24		  Final Exam available online throughout the week.
You can only take it once.
All quizzes due 30 min. before class
* No late penalty until 9-10

Projects

Autopsy User Documentation

Setup

H 101-4: Binary Games (20 pts.)
F 60: Cloud Server on Azure (15 pts)
ED 32: Windows 10 Virtual Machine (15 pts extra)

Using Autopsy

F 200: Examining a Forensic Image with Autopsy (15 pts.)
F 201: Rhino Hunt with Autopsy (15 pts + 10 extra)
F 202: Rhino Hunt with Wireshark (15 pts + 15 extra)
F 210: Memory Analysis with Autopsy (15 pts + 30 extra)
F 220: Capturing and Examining the Registry (15 pts)
F 221: Examining the Registry from a Disk Image (25 pts extra)
M 140: Android Studio Emulator (15 pts extra)
M 142: Rooting Android Studio's Emulator (15 pts extra)
M 143: Forensic Acquisition from Android (15 pts extra)
M 144: Android Analysis with Autopsy (10 pts)
F 230: iPhone Analysis with Autopsy (20 pts)

Other Tools

H 420: Wireshark (25 pts + 85 extra)
F 211: Memory Forensics of LastPass and Keeper (15 pts + 10 extra)

IR 100: Windows and Linux Machines (20 pts extra)
IR 371: Velociraptor Server on Linux (25 pts extra)
IR 372: Investigating a PUP with Velociraptor (40 pts extra)
IR 373: Investigating a Bot with Velociraptor (50 pts extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 pts extra)

Updated: 1-30-23 10:31 pm