Computer Forensics
A basic synopsis of the field of computer forensics, its importance, and the knowledge involved.
Goals
This course is designed to introduce students to the basic concepts of computer forensics and make them familiar with those concepts. Topics that may (or may not) be covered include:
- The scientific method
- Investigating systems to determine whether anything illegal has been done
- Investigation of storage devices
  - Hard disks
  - Compact disks
  - Solid state devices
- Identify sources of evidence
- Preserve evidence
- Analyze evidence
- Present the findings
- Federal Rules of Evidence
- Defeating countermeasures against forensic experts
- Determining the level of expertise of a supposed criminal
- Knowledge of how to shut down which machines
- Encryption keys stored in RAM
- Rules of evidence handling
- Determining legal authority to seize, image, and examine each device
- Sequence of examination
Prerequisites
Requirements might include basic computer knowledge and use. Programming knowledge is a plus but not, so far, a requirement.
Development Timeline
This course is under active development. I expect to (with all luck) have it completed by January of 2007, earlier if possible.
Enrollment
This course is still undergoing the early stages of development - if you would like to put your name down as "interested" you can do it here.
Feedback
Feedback is greatly appreciated and can be submitted via the talk page for the course or on my talk page.
Organization
Lectures will reference the Computer Forensics WikiBook (which I will create one of these days if nobody else gets to it first) and the wikibooks for the other topics at hand (cryptography, criminal justice, etc.).