Purdue School of Engineering and Technology

Purdue School of Engineering and Technology

Digital Forensics

CIT 42000 / 3 Cr.

This course covers the fundamentals of computer forensics and cyber-crime scene analysis. The various laws and regulations dealing with computer forensic analysis will be discussed. Students will be introduced to the emerging international standards for computer forensic analysis, as well as a formal methodology for conducting computer forensic investigations.




Course Outcomes (What are these?)

  • Apply the principles and procedures of computer forensics (CIT i, m)
  • Apply the principles and procedures of mobile forensics (CIT i, m)
  • Apply the principles and procedures of network forensics (CIT i, m)
  • Demonstrate an understanding of the various laws dealing with computer forensic analysis (CIT e, g)
  • Use digital forensics applications and tools (CIT i)
  • Understand the rules of evidence and the importance of the chain of custody (CIT e, g, m)
  • Explain the basic principles of computer forensics and the fundamentals of crime scene analysis (CIT e, m)
  • Adapt to the changing face of security (CIT h)
  • Apply team management skills (CIT d)

CIT Student Outcomes (What are these?)

(d)  An ability to function effectively on teams to accomplish a common goal.

(e) An understanding of professional, ethical, legal, security and social issues and responsibilities.

(g) An ability to analyze the local and global impact of computing on individuals, organizations, and society.

(h) Recognition of the need for and an ability to engage in continuing professional development.

(i) An ability to effectively integrate IT-based solutions into the user environment.

(m) An understanding of best practices and standards and their application.
  • Digital forensics science
  • Cyber crime scene analysis
  • Evidence management & presentation
  • Computer Crime
  • Computer Forensics
  • Network Forensics
  • Mobile Forensics
  • Legal aspects of digital forensics
  • Laws and regulations
Principles of Undergraduate Learning (PULs)

3. Integration and Application of Knowledge

4. Intellectual Depth, Breadth, and Adaptiveness

5. Understanding Society and Culture

6. Values and Ethics

What You Will Learn

Digital Forensics Science

  • Define forensics science
  • Define computer forensics
  • Define digital forensics

Cyber Crime Scene Analysis

  • Explain the various court orders etc. required to search and seizure electronic evidence
  • Describe exceptions to the wire tap act
  • Explain the difference between retrieved and unretrieved communications
  • Discuss the importance of understanding what court documents would be required for a criminal investigation

Evidence Management & Presentation

  • Create and manage shared folders using Windows Explorer and the Microsoft
  • Describe the importance of the forensic mindset
  • Define the workload of law enforcement
  • Explain what the normal case would look like
  • Define who should be notified of a crime
  • List the three parts of gathering evidence
  • Define probable cause
  • Apply probable cause

Computer Crime

  • Describe the science of digital forensics
  • Categorize the different communities and areas within digital forensics
  • Explain where computer forensics fits into digital forensics
  • Describe criminalistics as it relates to the investigative process
  • Discuss the 3 As of the computer forensics methodology
  • Critically analyze the emerging area of cyber-criminalistics
  • Explain the holistic approach to cyber-forensics

Computer Forensics

  • Create and manage shared folders using Windows Explorer and the Microsoft Management Console
  • Manage shared folder permissions
  • Prepare a case
  • Begin an investigation
  • Understand computer forensics workstations and software
  • Conduct an investigation
  • Complete a case
  • Critique a case

Network Forensics

  • Develop techniques for performing mobile forensics
  • Use mobile forensics tools
  • Develop skills using forensics methodologies

Mobile Forensics

  • Develop skills using open-source security tools for network forensic analysis
  • Understand the requirements for preservation of network data
  • Develop skills using forensics methodologies

Legal Aspects of Digital Forensics

  • Define and apply the Fourth Amendment
  • Define and apply the Fifth Amendment
  • Describe the various major world legal systems
  • Explain the differences between civil and criminal law
  • Discuss the advantages and disadvantages of the EoC Convention on Cybercrime
  • Explain the various US legislation and regulations that impact technology
  • Describe the fundamental difference between the wire tap act and ECPA

Laws and Regulations

  • Prosecutorial Remedies and Tools Against the Exploitation of Children Today Act (PROTECT Act)
  • Homeland Security Act of 2002 (Amendments)
  • USA Patriot Act
  • Federal Criminal Code Related to Computer Intrusions
  • 18 U.S.C. - 1029. Fraud and Related Activity in Connection with Access Devices
  • 18 U.S.C. - 1030. Fraud and Related Activity in Connection with Computers
  • 18 U.S.C. - 1362. Communication Lines, Stations, or Systems
  • 18 U.S.C. - 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications
  • 18 U.S.C. - 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access
  • 18 U.S.C. - 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information