| Searching Current Courses For Fall 2016 |
|
Course: |
PSM 224
|
|
Title: | Forensic Computer Analysis IV |
|
Long Title: | Forensic Computer Analysis: Computer Forensics IV |
|
Course Description: | Provides a look into computer encryption and data security as it pertains to computer forensics. Hands-on learning of data recovery practices, breaking of encryption and passwords, along with an inside look at the Windows 2000 NTFS file system. |
|
Min Credit: | 3 |
|
Max Credit: | |
|
Course Notes: | unique to CCD |
|
Origin Notes: | CCD |
STANDARD COMPETENCIES:
I. Discuss the breaking of encryption
II. Discuss the recovery of passwords used to secure files
III. Discuss how to make an evidence grade backup of a computer hard disk drive
IV. Discuss the correct process for seizing a computer
V. Define the benefits and disadvantages of pulling the plug on an NTFS based computer seized
VI. Define the structure of the NTFS data storage method and processes tied to erased files and file slack
VII. Discuss NTFS and its reliance upon a Master File Table
VIII. Discuss the processing of an NTFS RAID system with forensic software
IX. Discuss how the ¿recycle bin¿ works and leaves a forensic trail behind
X Discuss data streams and how they can hold hidden information
XI. Discuss and define Windows2000 and XP encryption methods and how it affects computer evidence processing.
TOPICAL OUTLINE:
I. Exercises in breaking of encrypted data and recovery of passwords
II. Exercise in creating a backup of a computer hard disk for the purpose of evidence
III. Procedures and guidelines for seizing a computer
IV. Benefits and disadvantages of turning off the power of an NTFS based computer as it affects forensic data recovery
V. Overview of NTFS data storage methods
VI. Recovering data from a RAID and NTFS RAID system
VII. Examining the evidence trail left by recycle bin
VIII. Searching data streams for hidden data
IX. How Windows2000 and Windows XP encrypt data and the affect on computer evidence processing
Skip to top of page