Digital Forensics
This course introduces the basic concepts and technologies of digital forensics. Students will learn the fundamental techniques and tools utilized for collecting, processing, and preserving digital evidence on computers, mobile devices, networks, and cloud computing environments. Students will also engage in oral and written communication to report digital forensic findings and prepare court presentation materials.
At the end of this course students will be able to:
- Recognize the duties of a digital forensic investigator and the requirements of a lab environment.
- Utilize data collection tools and methods necessary for recovering and identifying different digital forensic artifacts left by attacks.
- Utilize appropriate methods to preserve the integrity of digital evidence and acquire a forensically sound image.
- Analyze different types of digital evidence to extract the related information important to a case under investigation.
- Prepare evidence, findings and results of analysis in a digital forensic report.
Assignments
Instructions: Read the following case scenario and then prepare a written report that documents and outlines the plan for a COMPUTER forensics lab. Physical/DNA and other divisions are OUT OF SCOPE. Any sections that contain plans for setting up those kinds of labs will get a zero. In your report, incorporate all of the elements stated in the grading criteria below.
Case Scenario: You have been hired to create and run a brand new digital forensics lab for a mid-sized police department. Your assignment is to come up with a plan for the lab for the next 3 years.
Grading Criteria: The content requirements and points for the report are outlined below.
| Criteria | Maximum Points |
| Diagram for the lab's physical layout. Visio or other diagram software preferred, but Excel can be used if that is not available. Must include evidence storage for up to 20 cases, 2 analysis computers, and physical security measures. | 20 |
| Inventory of equipment needed. Minimum of items in diagram, software and other hardware needed. | 20 |
| Lab accreditation plan | 20 |
| Lab maintenance plan | 20 |
| Staffing: Lab manager and technician requirements (job descriptions) | 20 |
| Total | 100 |
Case Scenario: You were hired as a forensic expert to investigate alleged contact between US and Russian officials. The owner of the laptop and phone has “lawyered up” and is not saying anything about what they were doing or any meetings that may have happened. You performed a forensic analysis on the laptop and cell phone of a high-ranking US government official. You are now writing your official report to the prosecutor as evidence that may go to court in the future. During the investigation you found the following:
- On the phone – a text confirming a lunch meeting on 2/15/20xx and the phone number was labeled “Red Ralph” in the contact list.
- On the laptop – several email communications about meetings and payment for “consulting services” between the official and RedRalph@gmail.com
- On the laptop – several deleted zip files of classified material that web logs show were uploaded to a file sharing site. It is not clear if they were downloaded by anyone.
Note: For the purposes of this report, all evidence is to be made up by the student.
Grading Criteria: The content requirements and points for the report are outlined below.
| Criteria | Maximum Points |
| Case identifier or submission number. Case investigator. Identity of the submitter. Date of receipt | 10 |
| Descriptive list of items submitted for examination, including serial number, make, and model. | 10 |
| Brief description of steps taken during examination, such as string searches, graphics image searches, and recovering erased files. | 40 |
| Results/conclusions. | 40 |
| Total | 100 |