Digital Forensics (DF)

DF 188 No Norwich Equivalent 6 Cr.

DF 242 Computer Forensics I 4 Cr.

This course provides the student with an ability to perform basic forensic techniques and use appropriate media analysis software. Knowledge of the security, structure and protocols of network operating systems and devices are covered as students learn to gather evidence in a networked environment and to image and restore evidence properly without destroying its value. Students learn and practice gaining evidence from a computer system while maintaining its integrity and a solid chain of custody. Within the laboratory, students gain hands-on experience in the use of current investigative tools. 3 Lecture hours and 2 Lab hours. Cross-listed as CJ 442, cannot earn credit in DF 242 and CJ 442. Prerequisites: CS 100, grade of C or higher. Offered: Fall, Spring.

DF 288 No Norwich Equivalent 6 Cr.

DF 299 Pilot Course 3 Cr.

A Digital Forensics topics pilot course that is permitted to run no more than two times under the same topic. Prerequisite: Instructor Permission.

DF 311 Network Forensics 3 Cr.

Introduces digital forensic concepts and practices on local area networks, wide area networks and large scale networks such as the Internet. Lectures include topics based on table of contents in (Davidoff and Ham 2012) such as investigative techniques, and how to conduct an investigation, manage evidence and follow a cyber-trail. A large part of the course involves demonstrations and hands-on labs, including: use of network forensic tools such as packet monitors, security information and event managers (SIEMs), tracers, and other tools useful for analyzing events. Many of the labs involve analysis of packet captures of both actual attacks and theoretical malfeasance by offenders. Students have a final lab exercise instead of a final exam and are expected to research and present a final project. Prerequisite: CS 260 and CS 140 or CS 142, grade of C or higher. Offered: Fall.

DF 312 Malware Forensics 3 Cr.

This predominantly laboratory-based course is an introduction to malware forensics including both static and dynamic analysis. Students study profiling, malware behavior, behavior of malware on computer networks, anti-reversing and anti-debugging techniques, and packers. Prerequisites: CS 212, DF 242. Offered: Spring.

DF 388 No Norwich Equivalent 6 Cr.

DF 395 Cyber Criminalistics 3 Cr.

This survey course uses lecture, case studies and hands-on lab exercises in digital investigation and cyber forensics to introduce students to the investigation and analysis of cybercrime and cyber criminals. Topics include: cybercrime typology, cyber-criminal profiling, network tracking, introduction to the tools of the cyber- criminalist, techniques of cybercrime scene assessment, digital evidence management and analyzing the forensic remnants of a cyber event. During the course of the laboratory exercises, students create a personal lab notebook recording their lab exercises and manage evidence including maintaining a proper chain of custody. Prerequisites: Criminal Justice major. Sophomore 2 or higher. Offered: Fall, Spring.

DF 411 Cyber Investigation 3 Cr.

An introduction to cyber investigation, including elements of cybercrime, cyberwarfare and cyberterrorism. The course examines investigative techniques for cyber-investigators, case studies of representative cybercrimes and cyber warfare incidents, some cyber investigation tools and expert witnessing. The course builds up to a mock trial where students act as a cyber-investigation task force on an actual case of cybercrime. This is a course that incorporates extensive reading as well as hands-on lab exercises. Prerequisites: DF 242. Computer Science or Computer Security & Information Assurance major, Sophomore 2 or higher. Offered: Fall.

DF 425 Advanced Digital Forensics 3 Cr.

Students combine concepts learned through prerequisite digital forensics classes and apply that knowledge to new and emerging technological threats and challenges. Content is taught via lecture, and extensive hands-on and research-based application of knowledge to recover and analyze evidence from a range of disparate devices and contexts including: mobile phones analysis and tools; anti-forensic techniques; Internet of Things (IoT) sources; Cloud/online based sources; and, embedded systems and devices. Particular reference will be made throughout the class to existing relevant legal and ethical frameworks. 3 Lecture hours. Prerequisites: DF 242, DF 311. Offered: Spring.

DF 488 No Norwich Equivalent 6 Cr.