CNIT 121: Computer Forensics

Summer 2023 Sam Bowne

CRN 54175 Sat 9:10 am - 3:40 pm

MOVED TO SCIENCE 37

Schedule · Projects

To attend class online:
https://twitch.tv/sambowne

Textbook

The book we are reading for this course is:
Hayes, A Practical Guide to Digital Forensics Investigations, 2nd Edition: Pearson.
ISBN: 978-0-7897-5991-7
CCSF students can get free access to the book, as explained in Canvas.

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts. CCSF students should take quizzes in the CCSF Canvas system.
Non-CCSF students should use this Canvas server: Enroll Here · View Course · Reset password

Email

For class-related questions, please send messages inside Canvas, or email cnit.121@gmail.com

Schedule

Sat 6-10		Mod 1: The Scope of Digital Forensics Mod 2: Windows Operating and File Systems Demo: Binary Games and F200


Sat 6-17	Mod 1 Quiz Mod 2 Quiz Mod 3 Quiz Proj H 101 - H 104 due Proj F 60 & F 200 due	Mod 3: Handling Computer Hardware Demos: F 201 & F 202


Sat 6-24	Mod 4 Quiz Mod 5 Quiz Autopsy Videos 0-4 due	Mod 4: Acquiring Evidence in a Computer Forensics Lab Mod 5: Online Investigations Demo: F 210 & F 220


Sat 7-1	Mod 6 Quiz Proj F 201 & F 202 due	Mod 6: Documenting the Investigation Android Forensics Demos: M 140, M 142, M 143, M 144, M 145


Sat 7-8	Mod 7 Quiz Mod 8 Quiz Proj F 210 & F 220 due	Mod 7: Admissibility of Digital Evidence Mod 8: Network Forensics and Incident Response Demo: F 221 & F 230


Sat 7-15	Mod 9 Quiz Proj M 144 due	Mod 9: Mobile Forensics Demo: F 230


Sat 7-22	Mod 10-11 Quiz Proj F 230 due	Mod 10: Mobile App Investigations Mod 11: Mac Forensics Demos: H 420 and F 211


Sat 7-29		Last Class: No new material


Sat 7-22 through Sat 7-29		Final Exam available online throughout the week. You can only take it once.

All quizzes due 30 min. before class * No late penalty until 9-10

Projects

Submitting Projects

CCSF students must do these things to get credit:

Perform the project steps until you find a flag
Capture a whole-desktop image showing the flag
Outline or highlight the flag in the image
Submit the image in the appropriate Project in Canvas
Type the flag into the text field

Autopsy User Documentation

Setup

H 101-4: Binary Games (20 pts.)
F 60: Cloud Server on Azure (15 pts)
D 11: Chrome Remote Desktop (10 pts extra)
D 12: SSH Tunnel (10 pts extra)
ED 32: Windows 10 Virtual Machine (15 pts extra)

Using Autopsy

F 200: Examining a Forensic Image with Autopsy (15 pts.)
F 201: Rhino Hunt with Autopsy (15 pts + 10 extra)
F 202: Rhino Hunt with Wireshark (15 pts + 15 extra)
F 210: Memory Analysis with Autopsy (15 pts + 30 extra)
F 220: Capturing and Examining the Registry (15 pts)
F 221: Examining a Windows Disk Image (25 pts extra)
M 140: Android Studio Emulator (15 pts extra)
M 142: Rooting Android Studio's Emulator (15 pts extra)
M 143: Forensic Acquisition from Android (15 pts extra)
M 144: Android Analysis with Autopsy (10 pts)
M 145: Making a Rooted Android Emulator (10 pts extra)
F 230: iPhone Analysis with Autopsy (20 pts)
F 231: Scanning an iPhone Backup for Malware (15 pts extra)

Other Tools

H 420: Wireshark (110 extra)
F 211: Memory Forensics of LastPass and Keeper (25 extra)

IR 100: Windows and Linux Machines (20 pts extra)
IR 371: Velociraptor Server on Linux (25 pts extra)
IR 372: Investigating a PUP with Velociraptor (40 pts extra)
IR 373: Investigating a Bot with Velociraptor (50 pts extra)
IR 374: Investigating a Two-Stage RAT with Velociraptor (35 pts extra)

Scoreboard · Submit Flags · Updated: 7-22-23 10:03 am