From: <Saved by Windows Internet Explorer 7>
Subject: FOR 240: Course Overview & Syllabus
Date: Tue, 26 Aug 2008 10:42:37 -0400
MIME-Version: 1.0
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Content-Location: file://C:\Documents and Settings\jenica.norrish\Local Settings\Temporary Internet Files\Content.Outlook\N9CHF4ID\Kara_Fall08_FOR_240_Course_Overview__Syllabus.htm
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>FOR 240: Course Overview & Syllabus</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252">
<META content=3D"MSHTML 6.00.6000.16705" name=3DGENERATOR></HEAD>
<BODY><FONT size=3D3>
<TABLE align=3Dcenter border=3D0>
  <TBODY>
  <TR>
    <TD vAlign=3Dcenter><IMG src=3D""></TD>
    <TD width=3D40>&nbsp;</TD>
    <TD vAlign=3Dtop align=3Dmiddle><FONT face=3Darial,helvetica =
color=3Dblue>
      <H2>Computer Forensics I<BR>FOR 240-40</H2></FONT>
      <H3>Course Overview &amp; Syllabus</H3>Lisa Kara <BR><BR><BR><B>[[ =
<I><A=20
      =
href=3D"file:///C:/Documents%20and%20Settings/jenica.norrish/Local%20Sett=
ings/Temporary%20Internet%20Files/Content.Outlook/N9CHF4ID/Kara_Fall07_FO=
R%20240%20Course%20Calendar.htm">Link=20
      to Course Calendar</A></I> ]]</B> =
</FONT></TD></TR></TBODY></TABLE><BR><BR>
<BLOCKQUOTE>
  <P><B><I>Hello!</I></B> and welcome to <I>Computer Forensics I</I>. I =
hope=20
  that you find the course fun and interesting.</P>
  <CENTER><IMG src=3D""></CENTER>
  <P>This course covers topics related to criminal justice and computer=20
  technology and is, by it's nature, a multi-disciplinary course =97 =
which is why=20
  this course was originally team developed and taught by a computer guy =
and a=20
  police officer. <I>Forensics</I> is the use of science in a court of =
law; this=20
  course looks specifically at how one obtains evidence off of a =
computer and=20
  from network messages and logs, preserving the evidentiary chain, and =
the=20
  legal aspects of the search and seizure of computers and related=20
  equipment/information. To that end, we will cover a large set of =
topics,=20
  including:</P>
  <UL>
    <LI>Introduction to computer and Internet technology=20
    <UL>Computer components; computer media; the Internet, the Web, and=20
    TCP/IP</UL>
    <LI>Types of computer and Internet crimes=20
    <LI>Investigations=20
    <UL>The process of computer forensics and digital investigations; =
legal=20
      methods to obtain the computer; jurisdictions and agencies; =
Internet=20
      investigations (e-mail, IRC, chat rooms, etc.); IP addresses and =
domain=20
      names; investigative methods</UL>
    <UL>Constitutional law, search and seizure guidelines, case law; =
Privacy=20
      Protection Act (PPA); Electronic Communications Privacy Act =
(ECPA);=20
      seizing electronic evidence; investigative and testimonial =
challenges;=20
      CALEA; international computer crime laws</UL>
    <LI>Forensics=20
    <UL>Types of computers (e.g., laptops, watches, cell phones); =
Windows and=20
      Unix file storage; handling computers and media (seizure and =
maintaining=20
      the integrity of evidence); searching and retrieving information;=20
      encryption and steganography basics; tools (e.g., Sam Spade, ping, =

      traceroute, whois, netstat, EnCase, FTK, WinHex)</UL></LI></UL>
  <P>This course will present varying levels of detail on the topics =
above. It=20
  is expected that technology students will be more familiar with =
computers and=20
  networks than the Criminal Justice students but less familiar with the =
legal=20
  aspects, and vice versa. Part of the course experience will be the =
blending of=20
  student expertise in the formation of teams. This is intended to be a =
general,=20
  practical course.</P>
  <P><B><I><FONT face=3DArial color=3Dblue>Course prerequisite: =
</FONT></I></B>NET=20
  120 (Computers and Telecommunications)</P>
  <P>It is expected that incoming students to this course have basic =
familiarity=20
  with computers, the Internet, and the law.</P>
  <P><B><I><FONT face=3DArial color=3Dblue>Student =
outcomes:</FONT></I></B></P>
  <P>Upon completion of this course, students will be able to:=20
  <UL>
    <LI>Describe the role of computer forensics in a criminal =
investigation.=20
    <LI>Demonstrate the ability to perform a basic computer forensic =
analysis=20
    using computer and network-based tools.=20
    <LI>Articulate the laws applying to the appropriation of computers =
for=20
    forensic analysis, citing what laws are relevant and apply under =
what=20
    circumstances.=20
    <LI>Describe the underlying concepts of how data are stored on =
computers and=20
    the general structure of the Internet.=20
    <LI>Apply current industry best-practices to the analysis of some=20
    hypothetical and real case scenarios. </LI></UL><B><I><FONT =
face=3DArial=20
  color=3Dblue>
  <P>Instructor contact information:</P></FONT></I></B><B>LISA KARA</B>=20
  <BR><BR>Since this is an online course, I do not maintain "regular" =
office=20
  hours. <BR>I am available for telephone consultation, by appointment, =
and by=20
  email. I check my email several times throughout the day. =
<BR><BR>Phone:=20
  703-303-6948 <BR>Email addresses: <A=20
  =
href=3D"mailto:lisa.kara@champlain.edu">mailto:lisa.kara@champlain.edu</A=
><BR><BR><B><I><FONT=20
  face=3DArial color=3Dblue><BR><BR>
  <P>Texts and supplementary resources:</P></FONT></I></B><IMG src=3D""=20
  align=3Dleft>=20
  <P>The first <B>required text</B> for this course is <I>Computer =
Forensics:=20
  Principles and Practices</I></A> by Linda Volonino, Reynaldo Anzaldua, =
and=20
  Jana Godwin (Pearson Prentice-Hall, 2007). This book is a very good =
=97 and=20
  highly readable =97 introductory text. It is not <B>the</B> complete =
work on=20
  computer forensics, however, and other readings from the Web and =
handouts will=20
  also be assigned to supplement the text. (<I>Disclosure notice:</I> =
Gary C.=20
  Kessler is listed as a contributing author of this book largely =
because the=20
  book's authors used some of the papers from the GaryKessler.net Web =
site. Gary=20
  receives no financial incentive to use this book.)</P>
  <P>The second <B>required text</B> for the course is <I>First =
Responder's=20
  Guide to Computer Forensics</I> by Richard Nolan et al. (Carnegie =
Mellon,=20
  2005) (<A href=3D"http://www.cert.org/archive/pdf/FRGCF_v1.3.pdf"=20
  target=3D_blank>Source #1</A> | <A=20
  =
href=3D"http://digitalforensics.champlain.edu/download/CERT_FR_Guide_to_C=
omputer_Forensics.pdf"=20
  target=3D_blank>Source #2</A>). This volume, a free download from the =
Internet,=20
  contains excellent information about the technical and legal aspects =
of the=20
  computer forensics process.</P><IMG src=3D"" align=3Dright>=20
  <P>One of the definitive texts in this field is <A=20
  href=3D"http://www.amazon.com/exec/obidos/ASIN/0121631044"=20
  target=3D_blank><I>Digital Evidence and Computer Crime</I>, 2nd =
ed.</A> by=20
  Eoghan Casey (Academic Press, 2004). This book provides excellent =
broad=20
  coverage of the field, including computer and network basics, digital=20
  investigations, legal issues, and computer crime. While an excellent=20
  professional reference and graduate text, the book is a tough read at =
the=20
  introductory level. C&amp;DF majors may wish to eventually purchase =
this text.=20
  (A review of this book can be found at <A=20
  =
href=3D"http://www.garykessler.net/library/Casey_DE&amp;CC_review.html"=20
  target=3D_blank>GaryKessler.net</A>.)</P>
  <P>These are by no means the only books available on this topic; there =
are at=20
  least a dozen books currently available on computer forensics and each =
has its=20
  own strengths and weaknesses. Students are encouraged to investigate =
other=20
  texts as their studies progress.</P>
  <P><A href=3D"http://www.garykessler.net/library"=20
  target=3D_blank>GaryKessler.net</A> has a number of papers and =
articles on=20
  topics related to this course and you should feel free to read and =
peruse=20
  them! In addition, a set of computer forensics URLs, including many to =
the=20
  legal aspects, can be found at <I><A=20
  href=3D"http://www.garykessler.net/library/forensicsurl.html"=20
  =
target=3D_blank>http://www.garykessler.net/library/forensicsurl.html</A><=
/I>.</P>
  <P><A href=3D"http://www.adobe.com/products/acrobat/readstep2.html"=20
  target=3D_blank><IMG src=3D"" align=3Dleft border=3D0></A> &nbsp; =
Finally, be sure to=20
  download the free Adobe Acrobat reader to be able to view course =
lecture notes=20
  and other course resources.</P><BR><B><I><FONT face=3DArial =
color=3Dblue>
  <P>Attendance, Homework, and Grading:</P></FONT></I></B>
  <P>Active participation in this course is particularly important given =
the=20
  multidisciplinary nature of the subject matter and the =
multidisciplinary=20
  makeup of the students in the class. Students will be assigned to =
teams=20
  comprising at least one criminal justice expert and one computer =
expert for at=20
  least one assignment; these teams will work together so that both =
"sides"=20
  learn about the other. Participation is also important so that you can =
take=20
  notes on the lectures and other activities that will supplement the =
course=20
  instructional material. Also note that the lecture is not intended to =
replace=20
  actually reading the text book!</P>
  <P>Homework and other assignments will also be given in this course.=20
  <I>Homework assignments</I> are generally due the week after they are=20
  distributed and <I>case project assignments</I> are due one week after =
they=20
  are assigned. The <I>final project</I> will be assigned approximately =
three=20
  weeks before it is due.</P>
  <P>There is a writing assignment that will be periodically assigned =
called the=20
  "Computer Crime Topic of the Week (TOW)." This is a one- to two-page=20
  (single-spaced) assignment, consisting of a summary of the current =
reading=20
  assignment plus a brief piece of independent research =97 something =
from a Web=20
  site, news report, or other timely item that relates to the reading. =
I'd like=20
  to know what you found important or significant about the week's =
reading; what=20
  interested you, what resonated, what was new, etc., etc. =97 and =
<I>why</I>?=20
  Cite the relevant article or URL, and describe why you chose that =
article and=20
  why you think it important. Think critically about these issues and =
involve=20
  yourself in your writing =97 e.g., outlawing certain activities to aid =
law=20
  enforcement might sound good at first blush but does it really make =
sense; why=20
  or why not? The TOW needs to relate to the reading but can come from =
anywhere:=20
  a mailing list that you monitor, some security-related site, a friend, =
the=20
  <I>Burlington Free Press</I>, an experience from your workplace, etc. =
Use your=20
  imagination and get used to thinking about this.</P>
  <P>Each of you will be asked to present at least one of your TOWs to =
the=20
  class. And remember this quote from Herb Caen, former columnist for =
the <I>San=20
  Francisco Chronicle</I>: "Any clod can have the facts, but having an =
opinion=20
  is an art." Have an opinion!!!</P>
  <P>There will be a final project in this course where you need to do =
some=20
  research on pretty much any computer foresnics-related topic of your =
choice.=20
  The project will have two parts; a paper and a presentation. More =
detail will=20
  be provided during the semester but you can start thinking about =
topics at any=20
  time.</P>
  <P><FONT face=3D"Comic SANS MS, helvetica">Finally, all assignments =
have a due=20
  date. Late assignments will be accepted only in extraordinary =
circumstances=20
  <B><I>and</I></B> only with the instructor's permission. Please note =
that=20
  "notifying" me that an assignment will be late is <B>not</B> the same =
as=20
  getting my permission!</FONT></P>
  <P>Final course grades will be calculated roughly as follows:</P>
  <UL>
    <LI>Homework assignments (10): 20%=20
    <LI>Case project assignments (4): 20%=20
    <LI>Final project paper/"presentation": 10%=20
    <LI>Attendance and participation: 15%=20
    <LI>Presentation of your TOW: 5%=20
    <LI>Midterm: 15%=20
    <LI>Final Exam: 15% </LI></UL>
  <P>The College's standard numerical scale for calculating final grades =
is as=20
  follows:</P>
  <TABLE align=3Dcenter border=3D0>
    <TBODY>
    <TR>
      <TD align=3Dmiddle>A</TD>
      <TD align=3Dmiddle>A-</TD>
      <TD align=3Dmiddle>B+</TD>
      <TD align=3Dmiddle>B</TD>
      <TD align=3Dmiddle>B-</TD>
      <TD align=3Dmiddle>C+</TD>
      <TD align=3Dmiddle>C</TD>
      <TD align=3Dmiddle>C-</TD>
      <TD align=3Dmiddle>D+</TD>
      <TD align=3Dmiddle>D</TD>
      <TD align=3Dmiddle>D-</TD>
      <TD align=3Dmiddle>F</TD></TR>
    <TR>
      <TD>93+</TD>
      <TD>90</TD>
      <TD>87</TD>
      <TD>83</TD>
      <TD>80</TD>
      <TD>77</TD>
      <TD>73</TD>
      <TD>70</TD>
      <TD>67</TD>
      <TD>63</TD>
      <TD>60</TD>
      <TD>59-</TD></TR></TBODY></TABLE><B><I><FONT face=3DArial =
color=3Dblue>
  <P>Applicability of Core Competencies</P></FONT></I></B>
  <P>The Champlain College faculty and administration have committed =
that our=20
  curricula will address these seven critical core competencies:</P>
  <UL>
    <LI>Technology=20
    <LI>Critical and Creative Thinking=20
    <LI>Global Awareness=20
    <LI>Oral Communication=20
    <LI>Written Communication=20
    <LI>Quantitative Literacy=20
    <LI>Ethical Reasoning </LI></UL>
  <P>This course addresses these competencies as outlined below.</P>
  <P><B>Technology</B></P>
  <P>This course covers basic concepts related to computers and =
networks, the=20
  application of this technology to law enforcement and information =
security=20
  incident response, and the relationship of current laws to this =
technology.=20
  Analysis of the contents of computers and network traffic is a growing =
field=20
  affecting business, government, the military, education, and more. =
This course=20
  discusses a wide range of issues related to computer, network, and=20
  telecommunications technologies, including hardware, operating =
systems,=20
  software, network applications, and communication protocols.</P>
  <P><B>Critical and Creative Thinking</B></P>
  <P>Due to the broad and highly technical nature of computer and =
network=20
  forensics, the ability to think critically must become second nature =
to its=20
  practitioners. While there are some well-defined processes and =
procedures for=20
  the forensic analysis of computers, every scenario is slightly =
different and=20
  forensic computing remains as much art as it is science. By discussing =
and=20
  analyzing various real and hypothetical case scenarios, students will =
learn=20
  how to determine what needs to be analyzed, what evidence is being =
sought,=20
  what tools are most applicable to the task at hand, and the most =
efficient way=20
  to perform the analysis.</P>
  <P>In any computer examination, the individual component must be =
understood as=20
  well as the big picture. Computers are examined as part of a larger=20
  investigation; the very nature of this business is critical =
thinking.</P>
  <P>And there is more. A digital forensics examiner must analyze =
someone else's=20
  computer in the context of some event and think like that other =
person.=20
  Everything done on a computer or on the Internet leaves a trace; the =
digital=20
  forensics professional has to find those traces =97 and that means =
being able to=20
  think like the Bad Guy.</P>
  <P>Critical thinking is reinforced by homework assignments and =
classroom=20
  discussions. Rather than focus on bare "facts," the homework and class =

  meetings focus more on how the subject matter integrates with other =
things=20
  that student know and will learn in the future. We also examine how =
students=20
  attitudes change as their level of knowledge =97 and responsibility =
=97=20
  changes.</P>
  <P><B>Global Awareness</B></P>
  <P>International awareness is not a major focus of this course and, in =
fact,=20
  there are few aspects of computer forensics that are =
geography-specific. The=20
  technology is relatively universal and, therefore, the technical =
solutions are=20
  universal. Laws, however, vary country-by-country so that actions that =
are=20
  illegal in some countries are legal in others (such as unleashing a =
virus).=20
  Although not emphasized, the course does describe some of the =
geographical,=20
  political, and cultural differences as they apply to legal aspects, =
privacy=20
  expectations, and cooperation between law enforcement agencies from =
different=20
  countries.</P>
  <P><B>Oral and Written Communication</B></P>
  <P>Computer forensics is a part of the overall criminal justice =
process and=20
  can be made totally useless if the investigator cannot effectively =
communicate=20
  forensics findings both in written form (such as a report or other =
affidavit)=20
  and verbal form (such as a deposition or court testimony). These =
skills will=20
  extend those learned in other classes by use of papers, student =
presentations,=20
  and the demonstration of proper computer forensics techniques.</P>
  <P>The digital forensics professional must be able to communicate to =
many=20
  audiences on many levels:</P>
  <UL>
    <LI>Communication with peers and managers at the technical level. =
This=20
    requires an understanding of computer, networking, and security =
concepts, as=20
    well as the proper vernacular.=20
    <LI>Communication with attorneys, judges, juries, and users, =
generally at a=20
    non-technical level. A successful technologist must be able to =
communicate=20
    the technical findings in an understandable and compelling way. This =
is=20
    often the most challenging portion of a professional's development.=20
    <LI>Communication with individuals at all levels within an =
organization with=20
    all levels of understanding. This includes upper management and =
supervisors=20
    to peers and subordinates, ranging from the technophobe to the =
technophile.=20
    </LI></UL>
  <P>This course will provide students with ample opportunity to =
practice their=20
  communication skills through the weekly homework assignments and =
classroom=20
  discussions, but even more so through the research project that is =
part=20
  research paper, part oral presentation, and part presentation =
graphics. All=20
  assignments include grammar and composition as a component of =
grading.</P>
  <P><B>Quantitative Literacy</B></P>
  <P>Digital forensics professionals have to be able to analyze patterns =
of=20
  activity to differentiate between normal and abnormal activity, as =
well as to=20
  find information within the context of an investigation. Most of the=20
  information on computers and networks involves numbers and symbols, =
and the=20
  computer/network analyst needs to be able to find the events that are=20
  pertinent to a case =97 both incriminating and exculpatory. This =
course will=20
  provide students with ample opportunity to practice quantitative =
literacy=20
  through the weekly homework assignments and classroom discussions.</P>
  <P><B>Ethical Reasoning</B></P>
  <P>The use of networks and information often requires ethical =
considerations =97=20
  e.g., how to employ individuals' private information that is stored on =
a=20
  computer or Web site, adherence to usage polices and the law, and how =
to=20
  respond to a potentially unethical request by a supervisor. =
Furthermore,=20
  computer forensics managers are involved in the discovery of =
information that=20
  can be used as evidence against them =97 or to support them. The =
responsibility=20
  of the computer forensics examiner is high and ethical behavior is a =
key=20
  element in one's credibility. Ethical reasoning is specifically =
addressed in=20
  this course.</P><B><I><FONT face=3DArial color=3Dblue>
  <P>Students with Disabilities</P></FONT></I></B>
  <P>If you believe that you have a disability requiring accommodations =
in this=20
  class, please contact the Coordinator of Support Services for Students =
with=20
  Disabilities as soon as possible. After you receive your accommodation =
form,=20
  please see me so I can work with you to implement them in a timely=20
fashion.</P>
  <P><B>Contact:</B> Allyson Krings, Coordinator of Support Services for =

  Students with Disabilities (Hauke 007i, 802-651-5961, <A=20
  =
href=3D"mailto:krings@champlain.edu"></I>krings@champlain.edu</I></A>)</P=
><B><I><FONT=20
  face=3DArial color=3Dblue>
  <P>Academic Honesty Policy</P></FONT></I></B>
  <P>The Champlain College Student Handbook (<I>The Rudder</I>) =
describes the=20
  College's Academic Honesty policy. If the instructor suspects that a =
student=20
  has plaigarzied or otherwise cheated on an assignment =97 i.e., to =
either=20
  actually or attempt to knowingly give, receive, or use work that is =
not your=20
  own =97 the instructor can give a 0 on that assignment.</P>
  <P>This is not to suggest that the college or the program discourages =
your=20
  collaboration with students and others; in fact, we encourage as much=20
  collaboration as possible. The point of this policy is that work that =
you=20
  submit as your own <I>has</I> to be your own! If you work with another =
person=20
  or other resource that helps you learn an answer to something, that's =
fine =97=20
  but what you turn in should be in your own words and clearly =
demonstrate=20
  <B>your</B> understanding. If you're unsure, indicate on your paper =
that you=20
  worked with others.</P>
  <P><I>Don't cheat; there's no margin in it!!</I> If you have a =
problem, talk=20
  to me instead.</P></BLOCKQUOTE><BR><BR></FONT></BODY></HTML>