Assignments 4 and 5 posted

Metasploit Command Summary

Useful Books in Resources

Note: Assignment 3 posted

NMap Command Summary Page

IP Address and NMap Scans Document

Network Servers

Installing a Server - Steps
Introduction to the Internet - Beta

General Networking Concepts

Midterm Review

Backtrack 4 Lecture
Backtrack 4 Lab
TrueCrypt Lab

Assignment 1 is reposted
Live Acquisition Lecture Posted
NetCat and Netsh Lecture Posted
Assignment 2 posted
Command Line Tutorial Lecture
Binary Numbering Tutorial
Drive Imaging Lecture

Class Overview

This is an introductory class in Computer Forensics and Information Warfare. The purpose of this class is to teach students the fundamentals of computer forensics and the concepts behind Information Warfare. Students will learn the basic concepts behind these two areas and will understand what the field requires, what skills are required to succeed in this field, and what additional classes and topics they must learn. Students will be in a hands-on environment where they will use both Windows and Linux to practice forensic and Information Warfare skills. Students will be provided with the instructions and software necessary to create a virtual machine and install an OS on the virtual machine. A basic knowledge of computers and operating systems (Windows, Linux, Mac) is desirable.

Forensics TTH Class Schedule
Forensics M Class Schedule

What you will Learn

  • The various parts of the Computer Forensics field
  • The various parts of the Information Warfare field
  • Legal guidelines for collection and handling of computer evidence
  • Basic networking concepts as related to forensics and information warfare
  • Basic operating systems concepts as related to forensics and information warfare
  • How to gather and evaluate live computer evidence
  • How to acquire information from computer systems and networks
  • Forensic and Information Warfare tools
  • Aspects of various operating systems that affect information gathering
  • Aspects of network systems that affect information gathering
  • Network intrusion and network intrusion detection

Class Requirements

The textbook for this class is:

Guide to Computer Forensics and Investigations, 3rd Edition
Bill Nelson
Course Technology (www.course.com)
ISBN-10: 1418067334
ISBN-13: 9781418067335
693 Pages
© 2008

This textbook is available in the Campus bookstore, online from Amazon, or at a computer book store.

You will also need a USB drive to use in analysis. The USB drive should be at least 1 GB in size. The bookstore also has USB drives or you can use one you already own.

Grading and Evaluations

Students will be graded on five projects, a midterm exam, and a final exam. The projects will require the student to practice on a Windows or Linux computer system. The midterm and final exams will be short answer and will test concepts from the textbook and lecture notes.

50 points for each project = 250
100 points each for the midterm and final = 200

The final grade will be calculated based on the following totals:

405 to 450 = A
360 to 404 = B
315 to 359 = C
270 to 314 = D
0 to 269 = F

All tests and assignments are due on the indicated days. No extensions or makeups are given. If you need special accommodations for the class, you need to submit the appropriate paperwork to the Instructor in a timely fashion.

Assignments and Dates

Assignment 1
Assignment 2
Assignment 3
Assignment 4 and Assignment 5

Dates - TTH Class: August, September, October, November, December
Dates - M Class:  August, September, October, November, December

Lectures

Overview of Computer Forensics
What you need to know
Getting some Tools
Setting up Virtual Box
Forensics and Processes
Working with Windows - Software Architecture (PDF)
Live Acquisition Lecture
Command Line Tutorial Lecture
Binary Numbering Tutorial
Drive Imaging Lecture
Working with Windows - File Architecture
Working with Windows - Passwords and Security

Handouts

Steps for connecting to the network share
Tool List

Class Resources

Resources Page
Scalpel.zip
Steganography Links:
http://home.comcast.net/~ebm.md/stego/software.html - tools
http://www.jjtc.com/Steganography/tools.html - tools
http://www.ibm.com/developerworks/web/library/wa-steganalysis/ - general info

Interesting Books:

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Lyon (Amazon) - This is the official NMap book by the program's author.

Gray Hat Hacking, Second Edition by Shon Harris - This is a very good book on network intrusion. It shows how to use Metasploit, among other things. (Amazon)

The Rootkit Arsenal by Bill Blunden - Amazing and very advanced book on creating rootkits. Primarily system intrusion material. (Amazon)