1. Introduction of various systems where digital evidence can be gathered for forensic analysis
2. Different types of digital evidence
3. Evidence image creation using various tools such as EnCase, FTK and dd
4. File Recovery
5. Windows Registry evidence analysis
6. File and metadata analysis
7. Internet browser applications evidence
8. Windows log files analysis
9. File Carving
10. Introduction to network evidence gathering and analysis
11. Introduction to mobile data gathering and analysis
The methods of instruction for this course will include lectures, seminars, and hands-on exercises.
Assessment will be in accordance with the Douglas College Evaluation Policy.
Assignments and Labs
Some of these assessments may involve group work.
* Practical hands-on computer exam
In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).
Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.
At the end of this course, the successful student will be able to:
- Explain the process of digital evidence gathering, imaging and analysis
- Describe the different sources of forensic artifacts in a system and be able to gather them as evidence
- Use tools to create evidence imaging such as EnCase, FTK and dd
- Mount the evidence image to a system and recover files for further analysis
- Use tools to analyze windows registry and NTUSER.DAT file
- Perform file and metadata analysis
- Gather and analyze internet evidence from the browser’s history, cookie, temporary internet files and INDEX.DAT file
- Search and analyze information from the Windows log files
- Perform file carving from unallocated space on a hard drive
- Describe the process to gather evidence from network devices and smart phone
Michael K. Robinson. Digital Forensics Workbook. Latest Edition and/or other textbook/s approved by the department
Course Guidelines for previous years are viewable by selecting the version desired. If you took this course and do not see a listing for the starting semester / year of the course, consider the previous version as the applicable version.
|Institution||Transfer Details||Effective Dates|
|Athabasca University (AU)||AU COMP 2XX (3)||2021/09/01 to -|
|College of New Caledonia (CNC)||CNC CSC 2XX (3)||2021/09/01 to -|
|Kwantlen Polytechnic University (KPU)||No credit||2021/09/01 to -|
|Simon Fraser University (SFU)||No credit||2021/09/01 to -|
|Thompson Rivers University (TRU)||TRU COMP 3XXX (3)||2021/09/01 to -|
|University Canada West (UCW)||UCW CPSC 3XX (3)||2021/09/01 to -|
|University of Northern BC (UNBC)||UNBC CPSC 299 (3)||2021/09/01 to -|
|University of the Fraser Valley (UFV)||UFV CIS 2XX (3)||2021/09/01 to -|