Course

Evidence Imaging

Faculty
Commerce & Business Administration
Department
Computing Studies & Information Systems
Course Code
CSIS 3160
Credits
3.00
Semester Length
15 Weeks
Max Class Size
35
Method(s) Of Instruction
Lecture
Seminar
Course Designation
None
Industry Designation
CCSP,CEH,CFCE,CHFI,CISA,CISM,CISSP,CRISC,GCFA,GCFE,GSEC,OSCP
Typically Offered
To be determined

Overview

Course Description
This course covers the concepts and practical skills of gathering, collecting, and recovering various cyber-security artifacts as digital evidence that can be used in forensic analysis. The course introduces students to the different types of digital information stored in file, registry, application, internet, and network artifacts that should be gathered as evidence. Students will gain practical hands-on in using different tools such as EnCase, FTK and dd to create evidence image. Student will also learn how to analyze and to add interpretation to the raw data to conduct further analysis.
Course Content

 1.    Introduction of various systems where digital evidence can be gathered for forensic analysis
 2.    Different types of digital evidence
 3.    Evidence image creation using various tools such as EnCase, FTK and dd
 4.    File Recovery
 5.    Windows Registry evidence analysis
 6.    File and metadata analysis
 7.    Internet browser applications evidence
 8.    Windows log files analysis
 9.    File Carving
10.   Introduction to network evidence gathering and analysis
11.   Introduction to mobile data gathering and analysis

 

Learning Activities

The methods of instruction for this course will include lectures, seminars, and hands-on exercises.

Means of Assessment

Assessment will be in accordance with the Douglas College Evaluation Policy.

Assignments and Labs

10-25%

Quiz(zes)*

10-20%

Midterm Examination*

25-35%

Final Examination*

25-40%

Total

100%

 Some of these assessments may involve group work.

* Practical hands-on computer exam

In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).

Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.

 

Learning Outcomes

At the end of this course, the successful student will be able to:

  1. Explain the process of digital evidence gathering, imaging and analysis
  2. Describe the different sources of forensic artifacts in a system and be able to gather them as evidence
  3. Use tools to create evidence imaging such as EnCase, FTK and dd
  4. Mount the evidence image to a system and recover files for further analysis
  5. Use tools to analyze windows registry and NTUSER.DAT file
  6. Perform file and metadata analysis
  7. Gather and analyze internet evidence from the browser’s history, cookie, temporary internet files and INDEX.DAT file
  8. Search and analyze information from the Windows log files
  9. Perform file carving from unallocated space on a hard drive
  10. Describe the process to gather evidence from network devices and smart phone

 

Textbook Materials

Michael K. Robinson. Digital Forensics Workbook. Latest Edition and/or other textbook/s approved by the department

 

Requisites

Prerequisites

Min grade C in CSIS 2260

Corequisites

 

Equivalencies

Courses listed here are equivalent to this course and cannot be taken for further credit:

  • No equivalency courses

Course Guidelines

Course Guidelines for previous years are viewable by selecting the version desired. If you took this course and do not see a listing for the starting semester / year of the course, consider the previous version as the applicable version.

Course Transfers

These are for current course guidelines only. For a full list of archived courses please see https://www.bctransferguide.ca

Institution Transfer Details for CSIS 3160
Athabasca University (AU) AU COMP 2XX (3)
Coast Mountain College (CMTN) No credit
College of New Caledonia (CNC) CNC CSC 2XX (3)
Columbia College (COLU) COLU CSCI 2nd (3)
Kwantlen Polytechnic University (KPU) No credit
LaSalle College Vancouver (LCV) LCV VGP 2XX (3)
Simon Fraser University (SFU) No credit
Thompson Rivers University (TRU) TRU COMP 3XXX (3)
University Canada West (UCW) UCW CPSC 3XX (3)
University of Northern BC (UNBC) UNBC CPSC 299 (3)
University of the Fraser Valley (UFV) UFV CIS 2XX (3)

Course Offerings

Summer 2024

CRN
Days
Dates
Start Date
End Date
Instructor
Status
CRN
24191
Thu
Start Date
-
End Date
Start Date
End Date
Instructor Last Name
Vitus
Instructor First Name
Gabriel
Course Status
Waitlist
Section Notes

CSIS 3160 001 is restricted to students in the following programs: Computing Studies and Information Systems Diploma, PBD Computer & Info Systems (Data Analytics, Emerging Technology, and Cybersecurity), PDD Information & Communication Technology, and PDD Data Analytics.

Max
Enrolled
Remaining
Waitlist
Max Seats Count
35
Actual Seats Count
35
0
Actual Wait Count
13
Days
Building
Room
Time
Thu
Building
New Westminster - North Bldg.
Room
N5109
Start Time
8:30
-
End Time
11:20