![]() |
Course: ITS291 First Term: 2005 Spring
Final Term: Current
Final Term: 2018 Summer
|
Lec + Lab 4 Credit(s) 5 Period(s) 4.7 Load
Credit(s) Period(s)
Load
Subject Type: OccupationalLoad Formula: S |
MCCCD Official Course Competencies | |||
---|---|---|---|
1. Identify, describe, and explain the purpose of major stages of forensic analysis of computers. (I)
2. Identify, describe, and explain the function of components in various types of computer hard drives. (II) 3. Explain the logical structure of data stored on various types of hard drives. (III) 4. Identify, describe the logical structure of, and explain the purpose of the major components of a Windows-based file system and common Windows-based applications. (IV) 5. Compare and contrast the logical structure of a Windows-based file system with that of a Unix/Linux-based file system. (V) 6. Demonstrate forensically sound techniques for preserving hard drive data for analysis. (VI) 7. Identify, extract, and interpret common items of interest from a hard drive that contains a Windows-based operating system. (VII) 8. Produce structured documentation of forensic analysis. (VIII) | |||
MCCCD Official Course Competencies must be coordinated with the content outline so that each major point in the outline serves one or more competencies. MCCCD faculty retains authority in determining the pedagogical approach, methodology, content sequencing, and assessment metrics for student work. Please see individual course syllabi for additional information, including specific course requirements. | |||
MCCCD Official Course Outline | |||
I. Forensic Analysis of Computers
A. Preserving the Data B. Identifying Data C. Extracting Data D. Interpreting Data E. Documenting Results of the Analysis II. Hard Drive Components A. Controller Types B. Platters C. Spindles D. Read/Write Head III. Logical Drive Structure A. Volumes B. Partition Tables C. Partitions D. Tracks and Cylinders E. Sectors F. Clusters G. Slack space H. Unallocated Space I. Boot Track IV. Windows File Systems & Components A. File Allocation Table (FAT)/ FAT16/FAT32 B. New Technology File System (NTFS) C. Folders and File Structure D. Registry Structure E. Common Application Data Locations and Properties V. Unix/Linux Files Systems A. Explicit Mounting B. ext2 File System C. ext3 File System VI. Preserving Hard Drive Data A. System Shutdowns B. Controller Cables C. Power Cables D. Basic Input Output Bus (BIOS) Settings E. Bootable Diskettes F. Forensic Imaging G. Creating Hash Sets VII. Identifying and Extracting Data A. Copying and Un-erasing Files B. Using Third-party Utilities to View Files C. Identifying, Recovering, and Viewing Image filesp D. Exporting Applications E. Tracking Internet Activity F. Recycle Bin Recovery VIII. Documenting the Forensic Analysis A. Contemporaneous Note-taking B. Digital Photographs of Initial System State C. Cataloging Information Using the Forensic Tools D. Organizing the Findings E. Presenting the Results F. Supporting the Results | |||
MCCCD Governing Board Approval Date:
12/14/2004 |