Sep 29, 2023  
2019-2020 Course Catalog 
2019-2020 Course Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

CVF 2080 - Advanced Cyber Forensics

Credits: 3
Hours/Week: Lecture 2 Lab 2
Course Description: This forensic course begins with file system fundamentals but moves rapidly to using advanced open source toolkits to perform a forensic audit of suspect computer systems. Forensic analysis is performed on gathered evidence contained in “disk images.” Using a disk image of a computer involved in an actual forensic case, students apply what they learn in class by investigating the incident in a hands-on setting.
MnTC Goals

Prerequisite(s): CVF 1065  and CVF 1092  with grades of C or higher or instructor consent.
Corequisite(s): None
Recommendation: None

Major Content
  1. Collecting Persistent Data FRGCF
  2. Advanced Linux and Forensic tools
  3. Collecting Volatile Data FRGCF
  4. Linux File system Concept
  5. Image File Utilization/Conversion (E01, Raw, AFF)
  6. Linux File system Data Structures
  7. Basic Linux and Forensics tools
  8. Course Introduction
  9. Analyzing and Mounting File System
  11. Shadow Forensics & System Restore Points
  12. Reporting
  13. MACtime Analysis-Done
  14. Data Recovery
  15. Volatile Evidence Analysis
  16. File Sorting and Hash Comparisons
  17. Windows Artifacts Analysis
  18. Automated GUI Based Forensic Toolkits
  19. Network Analysis tools, Network Forensics Analysis
  20. Linux Media Analysis -Case Study
  21. Live Responses and Volatile Evidence Collection -Case Study
  22. Collecting & Analyzing Windows Artifact-Case Study
  23. Network Forensics -Case Study
  24. Windows Media Analysis -Case Study
  25. Discovering Malware on a Host -Case Study
  26. Malware & Root kit Analysis -Case study

Learning Outcomes
At the end of this course students will be able to:

  1. create MAC timeline.
  2. extract deleted partitions and recover data file.
  3. conduct/analyze file layers using file name
  4. analyze file system and data recovery using metadata information.
  5. follow forensic methodologies for analyzing a case end to end.
  6. analyze Linux file system.
  7. examine difference in VISTA/XP forensics.
  8. analyze and compare files.
  9. demonstrate competency using autopsy forensic browser to analyze a case
  10. mount/examine windows forensic images.
  11. perform VISA/Windows 7, Server 2008 shadow volume copy analysis.
  12. perform data analysis of file sorting using hash comparison.
  13. perform examination of file name layer.
  14. perform recovery of key windows file.
  15. perform super timeline analysis.
  16. perform windows XP restore point analysis.
  17. recover deleted registry keys and data.
  18. recover deleted windows key files.
  19. restore points, shadow copy and registry data.
  20. use forensic tools to extract/recover data using file headers.
  21. utilize GUI toolkit to follow forensic methodology.

Competency 1 (1-6)
Competency 2 (7-10)

Courses and Registration

Add to Portfolio (opens a new window)