School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
INSTRUCTOR CONTACT INFORMATION Instructor: Edward Monaghan Location: Online Office Hours: by appointment in an online forum or via telephone Email:
[email protected] Please contact me via email for any questions. INSTRUCTOR BIO Edward Monaghan is a 27 year veteran of the Philadelphia Police Department. His experience includes over 20 years of investigative experience dealing with white collar crime. His assignments have included the Major Crimes Unit; Computer Crime Unit; Regional Computer Forensics Laboratory and Municipal Corruption Unit. COURSE OVERVIEW This course examines techniques used to conduct computer crime investigations and gather probative evidence to secure a conviction under state and federal laws. Students will simulate a computer forensic investigation: developing an investigation plan, securing the crime scene, analyzing evidence, and preparing the case for court. COURSE DATES March 14, 2016 to May 6, 2016 PREREQUISITES In order to be most successful in this course, you should have successfully satisfied the following requirements:
Knowledge of Microsoft Word and PowerPoint Use of the asynchronous Course/Learning Management System Canvas Use of the synchronous conferencing system gotomeeting/gototraining
Last Modified: 3/3/2016
Page 1 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
COURSE OUTCOMES
Identify legal issues involved with electronic data collection Plan procedures and processes for protecting data prior to collection Verify and maintain electronic data for evidence collection Recommend, propose and select investigation tools Construct forensic evidence collection procedures Implement evidence collection using selected tools
REQUIRED TEXTBOOKS AND MATERIALS TEXTBOOKS REQUIRED
Nelson, Phillips, and Steuart. (2015). Guide to Computer Forensics and Investigations. 5th Edition. Cengage Learning ISBN 9781285060033 National Institute of Justice. Electronic Crime Scene Investigation: A Guide for First Responders, 2nd Edition (2008); NCJ 219941* National Institute of Justice; Forensic Examination of Digital Evidence: A Guide for Law Enforcement (2008); NCJ 199408* National Institute of Justice; Investigations Involving the Internet and Computer Networks (2007); NCJ 210798*
* - These publications are available free in electronic format from the National Criminal Justice Reference Service; www.ncjrs.gov, References and/or copies of the PDFs will be made available on the LMS System. SITES: www.nist.gov – search computer/digital forensics – reports on procedures and tool testing www.digitalcorpora.org – various (computer digital) images used for testing forensic tools www.cert.org/forensics/tools (linux) fedora forensic tool MATERIALS Computer which communicates via the Internet Webcam Headset or microphone
Last Modified: 3/3/2016
Page 2 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
USB Drive for storing materials from lab sessions and lab exercises—These will be sent at the beginning of the semester. TECHNICAL SUPPORT The IT Helpdesk (215-951-1860) provides support for our online academic service weekdays. Students can submit a support request using Web Helpdesk at http://helpdesk.lasalle.edu or by following the link on the MyLaSalle portal Resources, Information Technology page http://www.lasalle.edu/technology/index.php?section=support_training&page=getting_help. With tools for the lab part of this course, you need to contact the instructor or refer to the help for the tool. The help desk cannot provide information on this. COURSE STRUCTURE THE TENTATIVE SYLLABUS FOR THE COURSE IS LISTED BELOW: The scheduled day for synchronous sessions for this course is WEDNESDAY.
Week Wk1 – 3/14 Digital Crime Scene Processing Wk2 – 3/21 Preparing for Court
Topic/Reading
Assignments
Guide to Computer Forensics and Investigations – Chapter 1&4
Synchronous Session Crime Scene Lab
Electronic Crime Scene Investigation: A Guide for First Responders pgs. 1-34 Guide to Computer Forensics and Investigations – Chapter 15
Discussion Quiz 1
Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors, pgs 23-52 Guide to Computer Forensics and Wk3 – 3/28 Imaging Media & Deleted Investigations – Chapter 3 File Recovery Guide to Computer Forensics and Wk4 – 4/4 Investigations – Chapter 5 Windows OS
Synchronous Session Imaging and Deleted File Recovery Lab Discussion Quiz 2
Wk5 – 4/11 Media Analysis Wk6 – 4/18 Graphic Files
Synchronous Session File Signatures/Carving Lab Discussion Quiz 3
Last Modified: 3/3/2016
Guide to Computer Forensics and Investigations – Chapter 6 Guide to Computer Forensics and Investigations – Chapter 8
Page 3 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
Wk7 - 4/25 Email Investigations Wk8 – 5/2 Cell Phone Investigations
Guide to Computer Forensics and Investigations – Chapter 11 Guide to Computer Forensics and Investigations – Chapter 12
Synchronous Session Email & Metadata Lab Discussion Quiz 4
COURSE REQUIREMENTS Students will have individual responsibility for participating in online discussions. Students will also work in collaborative virtual teams with members communicating and working electronically. Activities will be posted as they are assigned.
PARTICIPATION In the collaborative environment, students are expected to communicate clearly, effectively, professionally, and respectfully to their colleagues and to the instructor. COURSE REQUIREMENTS: HOMEWORK AND LAB ASS IGNMENTS (50%) The assignments will mainly involve specific tasks experimenting with forensic tools and data. The rubric for each assignment will be posted with the assignment. QUIZZES (20%) The exams will involve both understanding of theory and of details of digital computer forensics laws, and issues. Students will need to demonstrate understanding of terminology, ability to retrieve, analyze and control evidence. DISCUSSION BOARD AND PARTICIPTION IN ONLINE ACTIVITIES (30%) Active and informed participation is required in all in-class and online discussions. For online discussions, based on current computer forensics cases, students will be required to post a total of 2-3 responses per week for discussion questions/wiki formats that are posted. ASSIGNMENT/LAB DUE DATES Due dates will be provided when the project and assignments are released. You have the materials needed in the packets sent in the mail.
Last Modified: 3/3/2016
Page 4 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
LEARNER EXPECTATIONS Students are expected to:
Complete all readings and assignments by the due date Check the online course material and discussion for a on a daily basis during the work week and at least once on the weekend Participate actively in online discussions Take initiative to review suggested reading sources and contribute items of interest to course discussions Engage the instructor immediately if any problems arise that may prevent the student from completing the above requirements
The instructor is expected to:
Post all course materials and assignments in a timely manner Make him/herself available by email and/or online chat for student questions or concerns Check the course each day during the work week and at least once on the weekend and contribute to the online discussion areas Provide each student with weekly feedback on their progress in the course Grade and return all assignments in a timely manner
EVALUATION AND ASSESSMENT OF LEARNER PERFORMANCE
Quizzes (20%) Homework and Lab Assignments (50%) Discussion Questions and Online Participation (30%)
ACADEMIC HONESTY A high level of responsibility and academic honesty is expected from our students and it is imperative that a student demonstrates high ethical standards in his/her academic work. Information about Academic Integrity is posted on the Provost’s channel of the University’s portal at http://www.lasalle.edu/portal/provost/intprop/AIP.swf. Academic dishonesty includes, but is not limited to, submission as one’s own work or material that is not one’s own. Plagiarism from the web or from any other source is unacceptable and will be dealt with under the university’s policy on plagiarism. Students suspected of academic dishonesty are subject to disciplinary actions. Please refer to the LaSalle Student handbook.
Last Modified: 3/3/2016
Page 5 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
http://www.lasalle.edu/students/dean/divpub/manuals/sgrrr/docs/sgrrr2007.pdf Students who are guilty of plagiarism or academic dishonesty will receive a grade of zero (0) for the pertinent assignment or test. A useful source about academic honesty is available from the University of Toronto at http://www.utoronto.ca/writing/plagsep.html. If you have a question about the authenticity of your work, LaSalle makes available to you a data base service called “SafeAssign”. You instructor will give you all the information to use it. The purpose of this service is to help you identify areas where you might improve our writing and source referencing. Pursuing a higher education while working full-time and/or raising a family can be challenging at times. I admire your tenacity and efforts. When things get difficult in this class (or in others) and as deadlines loom ahead, remember that you are working towards a goal that will benefit you and your family for a lifetime! Having said this, please understand that we must adhere to established guidelines of high academic standards and communication procedures. Some of these standards and procedures are outlined below. Please refer to the syllabus for additional course expectations. LATE WORK POLICY Work will not be accepted more than one week late. Late submissions will receive a 10% penalty. Completing the assignments is critical to learning in this course. COMMUNICATION Please be aware that you may send me a message in the Blackboard course with a question or concern. Please allow 24 hours for a response. In most cases the reply will be much sooner. I believe that prompt and relevant feedback to your questions, concerns, and posts is of extreme importance. Concerning your message, you must put your NAME, YOUR CLASS AND THE ASSIGNMENT OR ISSUE YOU ARE REFERRING TO IN THE SUBJECT LINE OR the reply may be delayed. Please comply with this request to ensure a prompt response from me. Furthermore, feel free to post questions in discussion threads but address them specifically to me so I know it's something you want me to look at as soon as possible. Another mode of communication is the main chat room in the course which allows us to chat in "real-time" during a mutually arranged appointment.
Last Modified: 3/3/2016
Page 6 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
ETIQUETTE Please understand that there is a certain type of etiquette that must be upheld in the class when posting in discussion areas and when turning in college work. To this end, refrain from slang, derogatory language, caps, and any potentially offensive forms of expression. Hence, when you approach your instructor or other students with questions or comments, you should always maintain a professional tone. DISCUSSION BOARD TIPS
Most times you will be replying to the same topic each week. You will stay within the thread to keep the conversation threaded. This does not mean you cannot start your own topic within a topic. If so, start your own with a unique topic. Keep your responses short and to the point. Remember, everyone needs to read all of the posts. Try to keep within two paragraphs. Be articulate as you can and at the same time exercise brevity. If you want to post something with more than one point, break it up into two posts. This will allow someone to reply to only one point. If you post a comment and it does not sound the way you expect it to go back and respond to your own post to clarify your point. Go ahead and address someone personally. This is great for creating a sense that you are really “speaking” to that person. In fact, it helps all the readers follow the threads in the discussions easily. Feel free to be funny. Everyone likes humor - especially if you are relating to a personal experience. Paste Web links into your message to help prove a point or bring attention to a new way of thinking. Just a word of caution: don’t depend on Web links to prove your point, use it as supporting information only. You should always be involved in the discussion drawing from your own knowledge base and your own experiences. Be aware of your tone – irony doesn’t always work it could be completely misinterpreted. The professor and your classmates can not see your facial expressions online and your comment may be taken the wrong way. Your posts should be full sentences. Do not use the new IM language derived from writing instant messages on the Web. Not everyone understands the IM language. Besides your discussion responses are to be thoughtful and critical observations about the subject matter. Only use caps for emphasis otherwise it may sound as if you are yelling.
Last Modified: 3/3/2016
Page 7 of 8
© 2016 LaSalle University
School of Arts and Sciences MS Economic Crime Forensics/MS Information Technology Leadership ECF/INL 665 Computer Digital Forensics
Be aware of spelling and grammar. Use the same standards that you would in the classroom. Criticize the idea, not the person. Be constructive in criticism and offer alternatives.
GRADES Grades will be posted in the Blackboard grade book within one week after the scheduled due date. Grade book questions should not be asked before the one week window. A -- superior level of competency (94-100) -- very good level of competency (90-93) B+ -- good level of competency (88-89) B -- average, satisfactory level of competency (83-87) B- -- less than average level of competency (80-82) C -- marginally satisfactory level of competency (70-79) F -- failure to demonstrate a satisfactory level of competency (below 70) I -- work not completed within the current semester period W -- an authorized withdrawal from a course (This must be processed by the graduate office.)
ASSIGNMENT SUBMISSION Please be certain to turn work into the appropriate area under the appropriate title. HYBRID/ONLINE EQUIVALENCY Online Activity Discussions and Postings and Quizzes Synchronous Sessions Hands-on Lab Videos/Lectures Total
Last Modified: 3/3/2016
Hours 8.0 10.0 16.0 10.0 44.0
Page 8 of 8
© 2016 LaSalle University