Jump to content

Computer Forensics

From Wikiversity

A basic synopsis of the field of computer forensics, its importance, and the knowledge involved.

Goals

[edit | edit source]

This course is designed to introduce the student to and familiarize the student with the basic concepts surrounding computer forensics. Topics that may (or may not) be covered include:

  • The scientific method
  • Investigating systems to determine whether anything illegal has been done
  • Investigation of storage devices
    • Hard disks
    • Compact disks
    • Solid state devices
  • Identify sources of evidence
  • Preserve evidence
  • Analyze evidence
  • Present the findings
  • Federal Rules of Evidence
  • Defeating countermeasures against forensic experts
  • Determining the level of expertise of a supposed criminal
  • Knowledge of how to shut down which machines
  • Encryption keys stored in RAM
  • Rules of evidence handling
  • Determining legal authority to seize, image, and examine each device
  • Sequence of examination

Prerequisites

[edit | edit source]

Requirements might include basic computer knowledge and use. Programming knowledge is a plus but not, so far, a requirement.

Development Timeline

[edit | edit source]

This course is under active development. I expect to (with all luck) have it completed by January of 2007, earlier if possible.

Enrollment

[edit | edit source]

This course is still undergoing the early stages of development - if you would like to put your name down as "interested" you can do it here.

Feedback

[edit | edit source]

Feedback is greatly appreciated and can be submitted via the talk page for the course or on my talk page.

Organization

[edit | edit source]

Lectures will reference the Computer Forensics WikiBook (which I will create one of these days if nobody else gets to it first) and the wikibooks for the other topics at hand (cryptography, criminal justice, etc.)