Evidence Imaging

Faculty: Commerce & Business Administration
Department: Computing Studies & Information Systems
Course Code: CSIS 3160
Credits: 3.00
Semester Length: 15 Weeks
Max Class Size: 35
Method Of Instruction: Lecture, Seminar
Typically Offered: To be determined

Overview

Course Description
This course covers the concepts and practical skills of gathering, collecting, and recovering various cyber-security artifacts as digital evidence that can be used in forensic analysis. The course introduces students to the different types of digital information stored in file, registry, application, internet, and network artifacts that should be gathered as evidence. Students will gain practical hands-on experience using different tools such as EnCase, FTK and dd to create evidence images. Students will also learn how to analyze and interpret the raw data to conduct further analysis.
Course Content

 1.    Introduction to the various systems where digital evidence can be gathered for forensic analysis
 2.    Different types of digital evidence
 3.    Evidence image creation using various tools such as EnCase, FTK and dd
 4.    File Recovery
 5.    Windows Registry evidence analysis
 6.    File and metadata analysis
 7.    Internet browser applications evidence
 8.    Windows log files analysis
 9.    File Carving
10.   Introduction to network evidence gathering and analysis
11.   Introduction to mobile data gathering and analysis

 

Methods Of Instruction

The methods of instruction for this course will include lectures, seminars, and hands-on exercises.

Means of Assessment

Assessment will be in accordance with the Douglas College Evaluation Policy.

Assignments and Labs: 10-25%
Quiz(zes)*: 10-20%
Midterm Examination*: 25-35%
Final Examination*: 25-40%
Total: 100%

 Some of these assessments may involve group work.

* Practical hands-on computer exam

In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).

Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.

 

Learning Outcomes

At the end of this course, the successful student will be able to:

  1. Explain the process of digital evidence gathering, imaging and analysis
  2. Describe the different sources of forensic artifacts in a system and be able to gather them as evidence
  3. Use tools such as EnCase, FTK and dd to create evidence images
  4. Mount the evidence image to a system and recover files for further analysis
  5. Use tools to analyze the Windows Registry and the NTUSER.DAT file
  6. Perform file and metadata analysis
  7. Gather and analyze internet evidence from the browser’s history, cookies, temporary internet files and INDEX.DAT file
  8. Search and analyze information from the Windows log files
  9. Perform file carving from unallocated space on a hard drive
  10. Describe the process to gather evidence from network devices and smartphones

 

Textbook Materials

Michael K. Robinson. Digital Forensics Workbook. Latest Edition and/or other textbook/s approved by the department

 

Requisites

Prerequisites

Min grade C in CSIS 2260

Corequisites

 

Equivalencies

No equivalent courses.

Course Guidelines

Course Guidelines for previous years are viewable by selecting the version desired. If you took this course and do not see a listing for the starting semester / year of the course, consider the previous version as the applicable version.

Course Transfers

Institution | Transfer Details | Effective Dates
Athabasca University (AU) | AU COMP 2XX (3) | 2021/09/01 to -
College of New Caledonia (CNC) | CNC CSC 2XX (3) | 2021/09/01 to -
Kwantlen Polytechnic University (KPU) | No credit | 2021/09/01 to -
Simon Fraser University (SFU) | No credit | 2021/09/01 to -
Thompson Rivers University (TRU) | TRU COMP 3XXX (3) | 2021/09/01 to -
University Canada West (UCW) | UCW CPSC 3XX (3) | 2021/09/01 to -
University of Northern BC (UNBC) | UNBC CPSC 299 (3) | 2021/09/01 to -
University of the Fraser Valley (UFV) | UFV CIS 2XX (3) | 2021/09/01 to -

Course Offerings

Fall 2021

CRN: 37009
Days: Mon
Dates: 07-Sep-2021 - 08-Dec-2021
Start Date: 07-Sep-2021
End Date: 08-Dec-2021
Instructor: Virani Rahim
Status: Open
CSIS 3160 001 is restricted to students in the following programs: Computing Studies and Information Systems Diploma, PDD Information & Communication Technology, PBD Emerging Technology, and both PDD/PBD Data Analytics. If you have any questions, please contact Stephen Chiong at chiongs@douglascollege.ca
Max: 35
Enrolled: 9
Remaining: 26
Waitlist: 0
Days: Mon
Building: New Westminster - North Bldg.
Room: N6107
Time: 11:30 - 14:20

CRN: 37010
Days: Tue
Dates: 07-Sep-2021 - 08-Dec-2021
Start Date: 07-Sep-2021
End Date: 08-Dec-2021
Instructor: Virani Rahim
Status: Open
CSIS 3160 002 is restricted to students in the following programs: Computing Studies and Information Systems Diploma, PDD Information & Communication Technology, PBD Emerging Technology, and both PDD/PBD Data Analytics. If you have any questions, please contact Stephen Chiong at chiongs@douglascollege.ca
Max: 35
Enrolled: 11
Remaining: 24
Waitlist: 0
Days: Tue
Building: New Westminster - North Bldg.
Room: N5107
Time: 15:30 - 18:20