CNIT 121: Computer Forensics

Spring 2023 Sam Bowne

CRN 34257 Mon 6:10 - 9:00 pm SCIE 37


This page is only for the schedule and videos.
For lectures, quizzes, and projects, go to:
https://ccsf.instructure.com/

If you're not enrolled at CCSF, use my public Canvas here:

https://canvas.instructure.com/enroll/WWHYE3

After enrolling, you can view the course here:

https://canvas.instructure.com/courses/5960568


Schedule


Mon 1-23  Mod 1: The Scope of Digital Forensics


Mon 1-30 Mod 1 Quiz *
Mod 2 Quiz *
Proj H 101 - H 104 due *
Mod 2: Windows Operating and File Systems


Fri 2-3 Last Day to Add

Mon 2-6 Mod 3 Quiz
Proj F 60 & F 200 due
Mod 3: Handling Computer Hardware

Mon 2-13 Mod 4 Quiz
Autopsy Videos 0-2 due
Mod 4: Acquiring Evidence in a Computer Forensics Lab

Mon 2-20 Holiday: No Class

Mon 2-27 Mod 5 Quiz
Autopsy Videos 3-4 due
Mod 5: Online Investigations

Mon 3-6 Mod 6 Quiz
Proj F 201 & F 202 due
Mod 6: Documenting the Investigation

Mon 3-13 No Quiz
No Proj due
TBA

Mon 3-20 Mod 7 Quiz
Proj F 210 due
Mod 7: Admissibility of Digital Evidence

Mon 3-27 Holiday: No Class

Mon 4-3 Mod 8 Quiz
Proj F 220 due
Mod 8: Network Forensics and Incident Response

Mon 4-10 Velociraptor Demos

Mon 4-17 Mod 9 Quiz
Proj M 144 due
Mod 9: Mobile Forensics

Mon 4-24 No Quiz
Proj F 230 due
Mod 10: Mobile App Investigations

Mon 5-1 Mod 10+11 Quiz
Proj H 420 & F 211 due
Mod 11: Mac Forensics

Mon 5-8 TBA

Mon 5-15 Last Class: No new material

Wed 5-17 through Wed 5-24 Final Exam available online throughout the week.
You can only take it once.

All quizzes due 30 min. before class
* No late penalty until 9-10

Projects

Autopsy User Documentation

Setup

H 101-4: Binary Games (20 pts.)
F 60: Cloud Server on Azure (15 pts)
ED 32: Windows 10 Virtual Machine (15 pts extra)

Using Autopsy

F 200: Examining a Forensic Image with Autopsy (15 pts.)
F 201: Rhino Hunt with Autopsy (15 pts + 10 extra)
F 202: Rhino Hunt with Wireshark (15 pts + 15 extra)
F 210: Memory Analysis with Autopsy (15 pts + 30 extra)
F 220: Capturing and Examining the Registry (15 pts)
F 221: Examining the Registry from a Disk Image (25 pts extra)
M 140: Android Studio Emulator (15 pts extra)
M 142: Rooting Android Studio's Emulator (15 pts extra)
M 143: Forensic Acquisition from Android (15 pts extra)
M 144: Android Analysis with Autopsy (10 pts)
F 230: iPhone Analysis with Autopsy (20 pts)

Other Tools

H 420: Wireshark (25 pts + 85 extra)
F 211: Memory Forensics of LastPass and Keeper (15 pts + 10 extra)

IR 100: Windows and Linux Machines (20 pts extra)
IR 371: Velociraptor Server on Linux (25 pts extra)
IR 372: Investigating a PUP with Velociraptor (40 pts extra)
IR 373: Investigating a Bot with Velociraptor (50 pts extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 pts extra)

Updated: 1-30-23 10:31 pm