Overview

• An introduction to digital forensics. This is a hands-on course where you will learn the theory and practice of digital forensics.  You will learn about general forensic procedures, evidence handling, how to create a forensic copy and verify it, how to perform a logical and physical analysis of media, how to recover deleted files, and laws applying to digital forensics.

This course is taught at Daytona State College as part of the Engineering Technology program. 

Download Links

• Syllabus Spring 2014
• All course lectures and assignments

How My Classes Work

This class requires quite a few readings, those are essential to understanding digital forensics.  That being said, we learn best by doing. Just because you can explain something on paper doesn't mean you can actually perform a task.  Therefore we'll be doing LOTS of forensics. THERE ARE NO QUIZZES OR TESTS!

That doesn't mean this class is easy. In fact it's difficult.  You'll have to do some forensic tasks then write up a professional quality report. The report is VERY important as it's something you'll have to do in the real world. So you'll need to not only make sure you do your forensics correctly, but also do a good job of writing up the report!

We will be using VMWare and Linux extensively in this course. As CTS3348 is a prerequisite for this course that means you already understand how to work with VMWare and Linux. In fact you can use the same version of Linux you used for that course!

Prerequisites

Required: CTS3348 Linux Administration.

Course Outcomes

By the end of this course successful students will be able to:

• Identifying important digital forensic processes.
• Demonstrate the ability to create a forensic copy of a piece of digital media
•  Verify a forensic copy. 
• Identify structures of the FAT file system. 
•  Recover deleted files
•  Discuss laws related to computer evidence

Textbook

Guide to Computer Forensics and Investigations. Bill Nelson, Amelia Phillips, Christopher Steuart. ANY EDITION. 

I suggest you get a USED copy as they are much cheaper. I don't care WHERE you get it from, but you'll need it!

http://www.amazon.com/Guide-Computer-Forensics-Investigations-Nelson/dp/1435498836/ref=sr_1_3?ie=UTF8&qid=1406563171&sr=8-3&keywords=nelson+digital+forensics

Course Lectures

Click here to view All Course Lectures

Course lectures are usually 10-30 minutes long, and are in MP4 format.  More information is available or individual lectures in the link above.

I suggest you save each lecture to your hard drive so you may access it anytime. Pause when you need to. Replay when you need to.  Have you ever tried doing that in a 'live' class?  Maybe a couple of times, but now YOU are in control.

Also, an analogy: I bought Tiger Woods' book on golf.  Read the whole thing cover to cover. Now I can play golf just like Tiger. Nope.  Have to practice, again and again and again. Same thing goes for this class. Can't learn how to create firewalls, intrusion detection rules, etc., by just watching a video lecture. You MUST practice, as much as possible.  I highly suggest that while watching the video you have your Linux virtual machine running. Pause the video when I run a command. Run the command, see what it does.  Start the video, and repeat.  

You may ask: "Why are your videos so much shorter than a regular class?"  Have you ever seen a recording of a regular class?  Most of it is 'dead space,' nothing being said, idle chit chat, etc.  My lectures are intentionally 'dense' with material.  Take a 1.5 hour lecture, remove extraneous information, pauses, chit chat, dead space, and voila -- a condensed version that is 10-30 minutes. The 'Cliff Notes' of lectures (you young people may have to Google that).  

It takes more time to edit my videos than record them.  The condensed version allows you use YOUR time more wisely. There's no sense in doing it any other way. You're welcome. :)