Computer Forensics
A basic synopsis of the field of computer forensics, its importance, and the knowledge involved.
Goals
This course is designed to introduce students to, and familiarize them with, the basic concepts of computer forensics. Topics that may (or may not) be covered include:
- The scientific method
- Investigating systems to determine whether anything illegal has been done
- Investigation of storage devices
  - Hard disks
  - Compact disks
  - Solid state devices
- Identify sources of evidence
- Preserve evidence
- Analyze evidence
- Present the findings
- Federal Rules of Evidence
- Defeating countermeasures against forensic experts
- Determining the level of expertise of a supposed criminal
- Knowledge of how to shut down which machines
- Encryption keys stored in RAM
- Rules of evidence handling
- Determining legal authority to seize, image, and examine each device
- Sequence of examination
Prerequisites
Requirements might include basic computer knowledge and use. Programming knowledge is a plus but not, so far, a requirement.
Development Timeline
This course is under active development. I expect to (with all luck) have it completed by January of 2007, earlier if possible.
Enrollment
This course is still undergoing the early stages of development - if you would like to put your name down as "interested" you can do it here.
Feedback
Feedback is greatly appreciated and can be submitted via the talk page for the course or on my talk page.
Organization
Lectures will reference the Computer Forensics WikiBook (which I will create one of these days if nobody else gets to it first) and the wikibooks for the other topics at hand (cryptography, criminal justice, etc.).