Center for Curriculum and Transfer Articulation
Computer Forensics Foundations
Course: ITS291

First Term: 2005 Spring
Lec + Lab   4 Credit(s)   5 Period(s)   4.7 Load  
Subject Type: Occupational
Load Formula: S

Description: Development of foundational computer forensic skills. Introduction to preserving, identifying, extracting, interpreting, and documenting computer data as part of a forensically sound analysis. Examination of the physical and logical structure of hard drives. Study of the logical structure of Windows-based file systems and common applications. Introduction to the logical structure of Unix/Linux-based file systems and common applications of commercial forensic tools.

MCCCD Official Course Competencies
1. Identify, describe, and explain the purpose of major stages of forensic analysis of computers. (I)
2. Identify, describe, and explain the function of components in various types of computer hard drives. (II)
3. Explain the logical structure of data stored on various types of hard drives. (III)
4. Identify, describe the logical structure of, and explain the purpose of the major components of a Windows-based file system and common Windows-based applications. (IV)
5. Compare and contrast the logical structure of a Windows-based file system with that of a Unix/Linux-based file system. (V)
6. Demonstrate forensically sound techniques for preserving hard drive data for analysis. (VI)
7. Identify, extract, and interpret common items of interest from a hard drive that contains a Windows-based operating system. (VII)
8. Produce structured documentation of forensic analysis. (VIII)
MCCCD Official Course Outline
I. Forensic Analysis of Computers
   A. Preserving the Data
   B. Identifying Data
   C. Extracting Data
   D. Interpreting Data
   E. Documenting Results of the Analysis
II. Hard Drive Components
   A. Controller Types
   B. Platters
   C. Spindles
   D. Read/Write Head
III. Logical Drive Structure
   A. Volumes
   B. Partition Tables
   C. Partitions
   D. Tracks and Cylinders
   E. Sectors
   F. Clusters
   G. Slack Space
   H. Unallocated Space
   I. Boot Track
IV. Windows File Systems & Components
   A. File Allocation Table (FAT)/FAT16/FAT32
   B. New Technology File System (NTFS)
   C. Folders and File Structure
   D. Registry Structure
   E. Common Application Data Locations and Properties
V. Unix/Linux File Systems
   A. Explicit Mounting
   B. ext2 File System
   C. ext3 File System
VI. Preserving Hard Drive Data
   A. System Shutdowns
   B. Controller Cables
   C. Power Cables
   D. Basic Input Output Bus (BIOS) Settings
   E. Bootable Diskettes
   F. Forensic Imaging
   G. Creating Hash Sets
VII. Identifying and Extracting Data
   A. Copying and Un-erasing Files
   B. Using Third-party Utilities to View Files
   C. Identifying, Recovering, and Viewing Image Files
   D. Exporting Applications
   E. Tracking Internet Activity
   F. Recycle Bin Recovery
VIII. Documenting the Forensic Analysis
   A. Contemporaneous Note-taking
   B. Digital Photographs of Initial System State
   C. Cataloging Information Using the Forensic Tools
   D. Organizing the Findings
   E. Presenting the Results
   F. Supporting the Results
MCCCD Governing Board Approval Date:  12/14/2004

