Computer Forensics
Course Length:
40 hours over 10 weeks (2 two-hour meetings per week)
Course Description:
Procedures for identification, preservation, and extraction of
electronic evidence. Auditing and investigation of network and host
system intrusions, analysis and documentation of information gathered,
and preparation of expert testimonial evidence. Forensic tools and
resources for system administrators and information system security
officers. Ethics, law, policy, and standards concerning digital
evidence. This course has been improved and is offered in both an
undergraduate version (COEN 152) and graduate version (COEN 252).
Course Learning Objective:
Competence in using established forensic methods for the handling of
electronic evidence. Appreciation for rigorous audit, logging, and data
archival practices.
Major Topics:
Awareness of magnetic and optical remanence. Awareness of major
categories of vulnerabilities in and threats to information systems
security. Understanding of auditing, monitoring, and technical
surveillance countermeasures. Awareness of communications security,
employee accountability for agency information, and protection of
information. Awareness of legal elements of security. Understanding of
concepts of risk management. Understanding of physical, personnel, and
administrative security practices and procedures. Understanding of
software security, network security, and key management.
Method of Instruction:
Lectures, readings, case studies, homework, projects
Evaluation Methods:
Tests, assignments, projects