Sep 29, 2023
CVF 2080 - Advanced Cyber Forensics Credits: 3
Hours/Week: Lecture 2 Lab 2
Course Description: This forensic course begins with file system fundamentals but moves rapidly to using advanced open source toolkits to perform a forensic audit of suspect computer systems. Forensic analysis is performed on gathered evidence contained in “disk images.” Using a disk image of a computer involved in an actual forensic case, students apply what they learn in class by investigating the incident in a hands-on setting.
Prerequisite(s): CVF 1065 and CVF 1092 with grades of C or higher or instructor consent.
- Collecting Persistent Data FRGCF
- Advanced Linux and Forensic tools
- Collecting Volatile Data FRGCF
- Linux File System Concept
- Image File Utilization/Conversion (E01, Raw, AFF)
- Linux File System Data Structures
- Basic Linux and Forensics tools
- Course Introduction
- Analyzing and Mounting File System
- Shadow Forensics & System Restore Points
- MACtime Analysis-Done
- Data Recovery
- Volatile Evidence Analysis
- File Sorting and Hash Comparisons
- Windows Artifacts Analysis
- Automated GUI Based Forensic Toolkits
- Network Analysis tools, Network Forensics Analysis
- Linux Media Analysis - Case Study
- Live Responses and Volatile Evidence Collection - Case Study
- Collecting & Analyzing Windows Artifact - Case Study
- Network Forensics - Case Study
- Windows Media Analysis - Case Study
- Discovering Malware on a Host - Case Study
- Malware & Rootkit Analysis - Case Study
At the end of this course students will be able to:
- create MAC timeline.
- extract deleted partitions and recover data files.
- conduct/analyze file layers using file name.
- analyze file system and data recovery using metadata information.
- follow forensic methodologies for analyzing a case end to end.
- analyze Linux file system.
- examine differences in Vista/XP forensics.
- analyze and compare files.
- demonstrate competency using Autopsy Forensic Browser to analyze a case.
- mount/examine Windows forensic images.
- perform Vista/Windows 7, Server 2008 shadow volume copy analysis.
- perform data analysis of file sorting using hash comparison.
- perform examination of file name layer.
- perform recovery of key Windows files.
- perform super timeline analysis.
- perform Windows XP restore point analysis.
- recover deleted registry keys and data.
- recover deleted Windows key files.
- restore points, shadow copy and registry data.
- use forensic tools to extract/recover data using file headers.
- utilize GUI toolkit to follow forensic methodology.
Competency 1 (1-6)
Competency 2 (7-10)