Courses in Digital Forensics
B FOR 100 Introduction to Information Systems (3)
This course provides a foundation of information systems concepts that can be applied to future learning in advanced topics. The course will include background in the history and social implications of computing including cyber ethics; emergent and contemporary information technology and its nomenclature; information and data abstraction, representation, manipulation and storage; operating systems; networking and the Internet, programming languages, logic, and algorithms; database systems; digital graphics and multimedia; and information security.
B FOR 201 (formerly B ITM 201) Introduction to Digital Forensics (3)
In this course, students will learn the fundamental process of analyzing data collected from electronic devices (including computers, media, and other digital evidence). Students will become familiar with proper techniques and tools utilized for securing, handling and preserving digital and multimedia evidence at physical crime scenes. Students will utilize examination and chain of custody forms, as well as prepare crime scene and digital acquisition reports related to administrative, civil and criminal investigations. Only one version of B FOR 201 may be taken for credit. Offered fall and spring semesters.
B FOR 202 (formerly B ITM 202) Cyber Crime Investigations (3)
This course will teach students forensic investigative techniques specifically for managing cyber crimes including collection and preservation of data from different sources, such as the Internet and "cloud" computing environments. Students will learn the legal processes available for collecting and preserving such evidence in conducting cyber investigations. Only one version of B FOR 202 may be taken for credit. Offered fall semester only.
B FOR 203 Networking and Cryptography (3)
This course will cover three primary areas of networking: Networking Components, Secure System Design fundamentals, and Cryptography. In this class, students will gain a basic understanding of network components, their roles, and how they interact in systems. Basic network architectures will be covered, and how they relate to specific host/client needs. Students will learn how to track and identify the packets involved in a simple TCP connection. They will learn to use networking tools such as WireShark, and network mapping tools, such as NMap. A thorough understanding of the first principles of security will be conveyed, including why each principle is important, and how it enables the design and development of security mechanisms that can meet and implement security policies. Security failures will be analyzed so that students can learn to identify: the specific failures; the design principles that have been violated; which principles are needed in specific scenarios. Human/machine interface principles will be discussed, and their importance in design and usage. Students will explore the connections between security and usability, and the importance of minimizing the effects of security mechanisms.
B FOR 204 Introduction to Cybersecurity (3)
This course provides students with foundation for future learning in information security. Students will be exposed to information security terminology and concepts and apply them through labs and exercises throughout the course. First, students will be given a recap of networking concepts related to information system including the OSI/Internet models and TCP/IP protocol suite. Subsequently, the class will learn of different threats and motivations as well as the types of cyber attacks. Attacks covered in the course include, malware, protocol based attacks (spoofing, session hijacking, caches poisoning, etc.), Denial-of-Service, and attacks on the web. Also included in this course are psychological aspects of information security, vulnerabilities of computer networks, and cyber warfare. Prerequisite(s): B FOR 203.
B FOR 205 Introduction to Database Systems (3)
Database systems are extensively used where large amounts of data must be stored for efficient update, retrieval, and analysis. The purpose of this course is to provide a comprehensive introduction to modern database management systems (DBMS). Students will learn to create databases and database objects, solve problems by constructing database queries using Structured Query Language (SQL), and practice data modeling and data normalization techniques. Students will also develop insights into advanced data management topics and technique trends.
B FOR 206 Programming for Analytics (3)
This course introduces students to programming concepts that will help them in the process of data analytics. Students will learn to use shell scripting language to quickly sort, search, and clean data as well as the more structured Python language to process large data sets. Students will be expected to have basic familiarity with the Linux operating system as well as basic programming constructs such as loops, logic statements, and variable declaration. Students will be expected to both complete programming assignments as well as engage in data analysis employing the programming skills learned in the class. Prerequisite(s): B FOR 100.
B FOR 300 Databases for Digital Forensics (3)
A large part of digital forensics deals with extraction and collection of data across electronic devices each of which has different architecture. In this class students learn the traditional relational database design and then understand the architecture of data storage in mobile electronic devices. The class also discusses in depth the storage of data on the cloud and the ramifications of that on digital forensics. Students also learn the basic techniques for analyzing data including use of Structured Query Language, data mining techniques and social network analysis. Students will also use scripting languages to efficiently clean up data from text files and extract information from files. Prerequisite(s): B FOR 100 or permission of instructor. Offered fall semester only.
B FOR 301 (formerly B ITM 301) Computer Forensics (3)
This course prepares students to conduct digital forensic examination of computers, removable media and other electronic devices. Students will use digital forensics tools and techniques to analyze digital evidence pursuant to an investigation, while utilizing industry standards and best practices. This course will prepare students in the development and implementation of forensic incident response plans, policies and procedures. Students will engage in oral and written reporting outlining digital forensic analysis findings and conclusions, in a professionally acceptable manner, pursuant to administrative, civil and criminal legal proceedings. Prerequisite(s): B FOR 201.
B FOR 302 (formerly B ITM 302) eDiscovery Forensics (3)
This course prepares students for the electronic collection, preservation and management of corporate information. It provides a foundation on basic corporate incident response challenges and proper collection methods for electronic data subject to legal and regulatory requirements. Students will utilize forensics tools for searching, culling and presenting corporate data, pursuant to administrative and civil eDiscovery cases. Offered fall semester only.
B FOR 303 Computer and Memory Forensics (3)
This course prepares students to conduct a digital forensic examination and analysis involving complex cases, electronic devices and data, as well as other forensic processes utilized to ensure government and corporate continuity. This course will demonstrate the importance of memory forensics through memory analysis with Windows, Linux, and Mac OS X. This course will prepare students to develop and implement policies and procedures for computer forensic laboratories involving operations and quality control management. It prepares students to compose and present oral and written reports that include laboratory audits, forensic analysis findings and court presentation material. Prerequisite(s): B FOR 201.
B FOR 304 Mobile Forensics (3)
This course provides students with an overview of mobile forensics investigation techniques and tools. It exposes students to procedures for conducting live network forensics of mobile devices and data. Students will learn mobile forensics procedures and principles, related legal issues, mobile platform internals, bypassing passcode, rooting or jailbreaking process, logical and physical acquisition, data recovery and analysis, and reporting. This class provides in-depth coverage of iOS and Android platforms and prepares students to collect, preserve, and examine mobile data that may be critical to an investigation. Students will develop network incident response plans, policies and procedures relevant to corporate networks and data, as well as mobile corporate assets, such as mobile devices. It prepares students to compose and present oral and written reports that outline network and mobile device forensic analysis findings that are technically and legally acceptable in administrative hearings and court proceedings. Prerequisite(s): B FOR 201.
B FOR 305 Cyber Defense (3)
This course provides students with a deep dive into cyber security tools. Topics covered in this class include techniques for protecting networks and data, basic elements of symmetric and asymmetric cryptography, secure e-commerce, secure transmission, authentication, digital signatures, digital certificates and Public Key Infrastructure (PKI). The course will also discuss current legislation and standards related to information security and their relevance to the international workplace. Prerequisite(s): B FOR 204.
B FOR 306 Database Security and Forensics (3)
Students will learn the security and forensics aspects of databases, specifically, assessment and analysis of database best practices that include: data security policy, access control, intrusion detection, data obscurity, fraud detection, encryption, virtual private databases and physical security. Prerequisite(s): B FOR 204 and B FOR 205.
B FOR 400 Forensic Accounting and Fraud Detection (3)
This course provides an overview of occupational fraud including misappropriation of assets, financial statement fraud and corruption as well as other forensic accounting engagements such as tax fraud and matrimonial disputes. The course will explore the characteristics of specific fraud schemes along with the characteristics of those who perpetrate them (according to the Annual Report to the Nations compiled by the Association of Certified Fraud Examiners). Students will acquire an understanding of the generally accepted accounting principles violated by the schemes. Students will become versed in the principles of internal control over the financial reporting system including how these principles work to deter financial fraud and ensure compliance with external requirements. Relevant guidance from the professional, regulatory and legal environment will be discussed. Prerequisite(s): B ACC 211. Offered fall semester only.
B FOR 401W Advanced Digital Forensics (4)
Instructor will guide students through proficiency testing by utilizing digital forensic skills obtained in previous coursework to develop an incident response plan to guide a forensic investigation. Based on case-study scenario, students will also conduct forensic analysis of several items of digital evidence, prepare comprehensive written forensic laboratory reports and present findings to a panel of legal, forensics and management subject matter experts for constructive feedback. Students will also prepare exhibits and other materials for court presentation purposes based on the case-study scenario, forensic analysis findings and written laboratory reports. Instructor will conduct quality control assessments to ensure students are performing forensic analysis that is in compliance with industry standards guiding forensic and laboratory work environments. Prerequisite(s): B FOR 301 and B FOR 303. Offered fall semester only.
B FOR 402 eDiscovery Forensics and Moot Courts (4)
Electronic discovery (eDiscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. This course will teach students the process of eDiscovery and developing testimony that can be presented in courts. The course will involve presenting evidence through the use of moot court. Prerequisite(s): B FOR 201 and R CRJ 202 or B LAW 220.
B FOR 403 Risk Analysis & Security Policies (3)|
As the pervasiveness and frequency of security attacks continue to become commonplace, every organization needs to have a strategy for managing security risks. Cybersecurity and Digital Forensics professionals need to have the expertise to assist organizations manage security risks. This course is designed to introduce students to the field of information security risk. The course will explore the phases of a risk management program, focusing on the processes for analyzing and assessing risk. Students will learn how to quantitatively and qualitatively assess risk, how to measure risk, and how to develop security policies for mitigating risk. The course will incorporate common cases to provide a holistic view of how to properly use tools to calculate the costs and benefits of security investments. Prerequisite(s): B FOR 204 and B FOR 305.
B FOR 404 Forensic Accounting Investigative Techniques (3)
Students will learn the process and principal techniques for conducting fraud examinations and other forensic investigations as well as why careful attention to them is critical to a successful investigation. Students will learn the role of analytical review procedures in the investigation of financial fraud. Document analysis and the art of effective interviewing during investigations will be explored. Students will learn the proper procedures for evidence handling. Finally students will learn to write a report that succinctly and effectively communicates the completed investigation. Relevant guidance from the professional, regulatory and legal environment will be discussed. Prerequisite(s): B ACC 400. Offered spring semester only.
B FOR 410 International Cyber Conflicts (3)
Cybersecurity is an international problem where the perpetrators and victims of attacks may be in completely disparate locations. Cyber attacks have morphed from cyber crime and amateur display of prowess into cyber warfare and espionage among nations. While the issues are international there is little consensus on how to investigate them, create universally acceptable norms, and create international laws across multiple countries to manage them. This course discusses some of these sensitive issues regarding information security and cyber warfare. The hope is to improve understanding between professionals and students across countries in order to foster cooperation in resolving cyber conflicts. The class will include cases and discussions that will touch on the sensitive security related topics.
B FOR 411 Supervisory Control and Data Acquisition (SCADA) Forensics (3)
Supervisory Control And Data Acquisition (SCADA) systems are computer systems controlling large-scale, industrial equipment, often underlying important infrastructural assets such as power plants, water distribution facilities, and communication networks. This class is intended to familiarize students with how to forensically investigate and secure SCADA system. Due to the nature and impact of SCADA systems on human lives they typically have more requirements than standard systems. Because SCADA systems are imbedded into critical infrastructure it is vital to understand the regulatory compliance and system governance associated with these systems. As recent events, both domestically and internationally, have demonstrated, SCADA forensics skills are increasingly important and in demand today. Prerequisite(s): B FOR 201.
B FOR 412 Cyber Incident Response and Penetration Testing (3)
This course will discuss detection, management, and recovery from different types of incidents. Detecting and responding to security incidents are important parts of managing information security in an organization. Despite the best security infrastructure and policies in place, security incidents are inevitable. Each type of incident requires a specific handling process. Students will learn to identify the data sources, e.g. log files, and how to process the data into a meaningful analysis format. The class will cover analysis of individual files, as well as techniques to correlate information across multiple log sources to build a chain of evidence across those log files. Students will perform hands-on work during the tutorial using data sets that are representative of real life incidents. By the end of class, students will understand and be able to perform full scale cyber incident response. Prerequisite(s): B FOR 204, B FOR 206, and B FOR 305.
B FOR 413 Multimedia Forensics (3)
This course prepares students to conduct digital forensic examinations on multimedia evidence, specifically images, videos and audio files. The course builds student knowledge from the basics of multimedia types to being able to recognize anomalies in the files and identify file creation attributes. Students will learn how to examine multimedia files manually and through automated processes utilized by digital forensic tools. Students will prepare written reports outlining their findings of analysis, in a professionally acceptable manner, pursuant to administrative, civil and criminal legal proceedings. Prerequisite(s): B FOR 201.
B FOR 414 Cyber Threat Modeling (3)
This course is an introduction to cyber threat modeling from a variety of perspectives. Included in the course are threat modeling, application of cyber threat intelligence, analysis of technical threats, 360-degree cyber threat analysis techniques, data and information sources that feed the threat analysis cycle and hands-on exercises using security data. The course is heavily lab-oriented and each class will have a specific lab objective to be achieved by students working in teams of two. Periodic quizzes will make up the testing portion of the course but instead of a mid-term and final exam there will be a final lab exercise that will involve all of the tools and techniques used during the course. That final lab will be constructed from real world events occurring during the final half of the semester. Students also will prepare a research project and present it both as a formal paper to be turned in and a class presentation. Prerequisite(s): B FOR 203, working knowledge of networking (TCP/IP protocol stack).
B FOR 415 Hacking for Penetration Testers (3)
In this course, students will learn the tools, attacks, techniques, strategies and tactics to jump start their penetration testing career and infiltrate any network or system. This hands-on, how-to course gives students an in-depth overview of penetration testing and how to test for computer/network/web vulnerabilities. From internal to external hacking, students will be able to understand the vulnerabilities that an attacker could exploit. Throughout the course, the students will have the opportunity to work with various tools, attacks, software, and tactics. Prerequisite(s): B FOR 203, B FOR 204, B FOR 305.
B FOR 416 Advanced Data Analytics (3)
This is a course with primary application to data analytics from a variety of domains, such as healthcare, finance, e-commerce, social media, etc. Learning objectives for students are to broadly understand the widely used machine learning algorithms and to gain hands-on experience with data preprocessing, feature extraction, and information visualization, when applying the learned algorithms to solving practical problems. A basic understanding of engineering and technology principles is strongly encouraged, including basic programming skills as well as sufficient mathematical background in probability, statistics, and linear algebra. Prerequisite(s): A MAT 108 or R CRJ 281 and B FOR 206.
B FOR 418 Assembly Language and Malware Reverse Engineering (3)
Reverse engineering of malware is the process of examining the disassembled code of malware via a disassembler or hex editor to better understand the code logic. The analysis helps understand the behavior of the malware by executing it in a quarantined environment to prevent contamination of the rest of the environment. The behavior could include files accessed, network communication, and processes launched, etc. The class also covers fundamentals of assembly language and hex editing which are useful for the code analysis. Students will be able to use code disassemblers to generate assembly language code from machine-executable code. Students will also learn about different types of malware and how to fingerprint malware. Prerequisite(s): B FOR 204 and B FOR 206.
B FOR 419 System Administration & Operating Systems Concepts (3)
A practical study of the secure management of multiple internet connected server and workstation computers. System setup and periodic maintenance (with topics such as OS installation, filesystems, application server software builds, patching, performance monitoring) combined with issues of availability (including networking and remote access, backup and restores, user accounts) and interoperability issues. Prerequisite(s): B FOR 100.
B FOR 420 National Cybersecurity Challenge Problems (3)
This course exposes students to national cybersecurity challenge problems that our National Labs are currently dealing with and is suitable for seniors who are majors in Digital Forensics, Computer Science, Mathematics, and Cybersecurity. This is an experiential learning course where student teams will work closely with the faculty instructor and scientists in a National Lab or a Government Agency dealing with cybersecurity or intelligence problems. Students will work in teams to plan and solve the problems.