CyberForensics Class Orientation

 


Description

Spring 2011


CyberForensics - BU288

Dr. Michael Thompson
E-mail: mhthompson@fastmail.fm
Class dates: March 9th - May 13th

Class Orientation

This course is an elective in the criminal justice and business studies department. There are no prerequisites other than personal knowledge and interest. It is suggested that students should have some familiarity with PCs, networks, operating systems, and how to download and install software. No consultation with me prior to the start of class is required, but feel free to e-mail me if you have any questions. The lecture notes and instructional supplements will be e-mailed to you and are all you need for a textbook, but if you want to buy something, a good text is: Littlejohn, D. & Tittel, E. (2002). Scene of the Cybercrime. Rockland, MD: Syngress. ISBN 1-931836-65-5.

It is important to understand that the summer 2007 offering of this course is not in the face-to-face format, only on-line arrangement, and probably a one-time offering.

This course involves intensive study of the prevention, detection, apprehension, and prosecution of cybersecurity violators and cybercriminals. Do not use this course as an excuse to become a hacker, because serious penalties apply to any wrongdoing directed at equipment or property not your own. This course covers computer vulnerabilities in a way that is smart, prudent, and responsible. At no time will explicit step-by-step instructions be given for exploiting security vulnerabilities, and no one will learn how to write a virus or worm in this course. You will, however, learn exactly how law enforcement agencies and chief security officers of organizations go about investigating cybersecurity intrusions as well as secure their systems from breaches and vulnerabilities.

Course Description / Requirements

Forensic computing, digital forensics, or computer forensics is the name for a newly emerging field of study and practice that incorporates many areas of expertise. Some of these areas have been called network security, intrusion detection, incident response, infrastructure protection, disaster recovery, continuity planning, software engineering, cybersecurity, and computer crime investigation. It is recognized as an academic field of study by CERT, NSA, and SANS that has a practice equivalent in the form of a and/or CISSP (Certified Information Systems Security Professional) certification. It is an area of practice in public law enforcement at the federal and state level that deals with cybercrime, cybervandalism, cyberpredators, and cyberterrorism. In the private sector, it deals with critical infrastructure such as business, hospitals, utilities, transportation, finance, education, and other key institutions.

To provide a definition: computer forensics is the use of procedure-centric approaches to the study of cyber-attack prevention, planning, detection, and response, with the goals of counteracting and conquering hacker attacks by logging malicious activity and gathering court-admissible chains-of-evidence using various forensic tools that reconstruct criminally liable actions at the physical and logical levels.

No special laboratory or classroom is required for this course; however, students will need either their own computer (preferred) or authorized access to a school lab computer. The instructor will provide students with some assignments that may mention licensed and unlicensed software, and in all cases freeware or shareware is involved. Expect to be required to download some software off the Internet and install it on a computer you have administrative privileges on, or alternatively to use web-based applications software that the instructor points you to by giving you the Internet address for. It is preferred, but not absolutely necessary, that students have their own personal computer equipped with some anti-virus program and firewall. You will find that most assignments can be more easily completed on such a home computer connected to the Internet, but it is possible to do the assignments on a school lab computer with limited network privileges. Most lectures will have URL links in them if you are being directed to an outside website.

The suggested equipment standard is at least an Athlon or Pentium III computer running as close to 1GHz as possible, although a Pentium IV is recommended. You may have any operating system you like, as this course covers them all: Unix, Windows NT/2000, Windows 98/ME, Windows XP, and Apple/Mac.

Students are expected to work individually on assignments, although sometimes group help is allowed if a student is having problems, but all such cases of collaboration must be approved by the instructor beforehand. There is no collaboration allowed at all on exams.

The suggested software you should look into downloading a trial or free version of is provided courtesy of a few supportive vendors. The premier software tool is EnCase from Guidance Software (www.encase.com), but it is unlikely you'll get anything other than demos from this major law enforcement vendor. Other products you should look into getting a free trial or copy of include the firewall products BlackICE by Network ICE (now ISS) or ZoneAlarm by Zone Labs, although there are a number of other similar products available in the security utilities download sections of ZDNet and CNET. It is also recommended you look into obtaining the freeware version of NeoTrace Express and learn to use online tools like Sam Spade. There is no need to obtain network sniffers or port scanners in this course, as such things will tend to annoy your network administrators. It is important, however, to learn file duplication, comparison, and analysis, so a hex editor will be needed. Students are free to choose whatever hex editor they prefer, although the free hex editor called frhed is commonly used, and Google maintains a list of other free binary tools. Don't worry if all this seems overwhelming: detailed step-by-step instructions are provided on the assignments page for each assignment and how to work the software tools involved. The main thing to note is that we will be using freeware tools and do not have to buy anything unless you want to personally purchase a fully-licensed version of a product.

Required / Suggested Readings

There is no textbook required, and the lecture notes serve as the textbook. These lecture notes are e-mailed to you each day and consist of about 150 pages of the instructor's writing divided into 17 topical areas. The knowledge base for the course consists of the printed resources cited at the bottom of each lecture note and Internet resources cited at the bottom of each lecture note, which are there for a purpose: for the student to explore and read what is relevant to that lecture note. Sometimes one of these Internet resources is contained as a hyperlink within the text of a lecture note, which means it is more important than a link at the bottom. Please report any broken links to me, with any corrections, improvements, or suggestions you may find for each lecture note.

I strongly recommend you read and work with these lecture notes while online, and not from some dated printout you bind in a folder, although I understand the temptation to do this. But in a 3-credit course like this, you should expect to spend at least 15 hours a week working on the course, and all I'm asking is that you spend some of those 15 hours online. My lecture notes are dynamic, not static, HTML pages, and I frequently update them, a necessity in such cutting-edge courses like this. Above all, don't try to print out all my lectures with all the related hyperlinks, because you'll tie up a printer for hours and be killing a lot of trees. If you prefer print, look into having the library's holdings for a printed resource located at the bottom of each online lecture.

Some final advice: always, always remember to include your name and the course number in any email and attachment to me. The exams are challenging and require an understanding of the material, not the ability to look up possible answers within the material. Those of you that have taken my classes in the past understand this concept.

Dr. Michael Thompson
Director of Criminal Justice
Social Science Department
