Cyber Investigations and Forensics

Course Description

CYBV 388 provides students with an understanding of intrusion detection methodologies, tools, and approaches to incident response; examination of computer forensic principles, including operating system concepts, registry structures, file system concepts, boot process, low level hardware calls, and file operations; and an exploration of the ethical and legal issues attendant to cyber investigations and forensics. CYBV 388 conforms to the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for Digital Forensics.

Learning Outcomes

The student will:

  • Understand the study of computer forensics as the science of collecting, preserving, and analyzing electronic data.
  • Identify and apply the techniques used in the collection and analysis of cyber-based evidence.
  • Recognize the problems of maintaining a secure technological environment, protecting the privacy and identify of individuals and maintaining confidentiality of information.
  • Understand the legal constraints on the collection, documentation, and presentation of evidence from Internet cybercrime investigations.
  • Demonstrate knowledge of forensics investigation principles and enforcement developments and trends in cyber investigations.
  • Understand a user’s activity, determine the manner in which an operating system or application has been subverted, recover “deleted” and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of devices.
  • Understand how to identify forensic artifacts left by attacks.
  • Understand how to acquire a forensically sound image.
  • Exercise critical thinking strategies including reasoning, problem solving, analysis and evaluation by:
    • Utilizing computer forensic technology.
    • Investigating cybercrimes in a simulated environment.
    • Collecting evidence, analyzing data, and presenting findings.