Course Title: Computer and Internet Forensics

Part A: Course Overview

Course Title: Computer and Internet Forensics

Credit Points: 12.00

Terms

Course Code

Campus

Career

School

Learning Mode

Teaching Period(s)

COSC2301

City Campus

Undergraduate

140H Computer Science & Information Technology

Face-to-Face

Sem 2 2006,
Sem 2 2007,
Sem 2 2009,
Sem 2 2010,
Sem 2 2011,
Sem 2 2012,
Sem 2 2013,
Sem 2 2014,
Sem 2 2015

COSC2301

City Campus

Undergraduate

171H School of Science

Face-to-Face

Sem 2 2018

COSC2302

City Campus

Postgraduate

140H Computer Science & Information Technology

Face-to-Face

Sem 2 2006,
Sem 2 2007,
Sem 2 2008,
Sem 2 2009,
Sem 2 2010,
Sem 2 2011,
Sem 2 2012,
Sem 2 2013,
Sem 2 2014,
Sem 2 2015

COSC2302

City Campus

Postgraduate

171H School of Science

Face-to-Face

Sem 2 2018

Course Coordinator: Dr Ron van Schyndel

Course Coordinator Phone: +61 3 9925 9677

Course Coordinator Email: ron.vanschyndel@rmit.edu.au


Pre-requisite Courses and Assumed Knowledge and Capabilities

This is an advanced course, and requires a significant amount of knowledge of fundamentals. You may not enrol in this course unless it is explicitly listed in your enrolment program summary, and you have confirmed with your program coordinator that it is an appropriate choice for your study plan.

Pre- or Co-requisite courses:

Enforced:

  • IT Infrastructure and Security
  • Introduction to Programming

Required Prior Knowledge:

  • a sound understanding of computer security and data communications, the structure and protocols of the Internet and details of computer storage. Courses such as Cloud Security and Secure Electronic Commerce cover these topics.

 

For more background information, see the Lynda website from the RMIT Library Guide at http://rmit.libguides.com/compsci.


Course Description

This course introduces students to the principles and practice of computer and internet forensics. Students will explore issues related to security of computer systems, accessing and analyzing data, reconstructing events, surveillance, intrusion prevention, intrusion detection, and recovery from breaches. This course is particularly aimed at students who have a strong interest in computer and information security.

Topics include:

  • Forernsically examining the state of desktop / mobile computer(s) left behind by an presumed offender to determine what happened.
  • Determining internet presence and activity which may have forensic significance
  • Learning the basics of evidence-gatehring and custody.
  • Basic file reconstruction as evidence
  • The use and limitations of visual evidence


Objectives/Learning Outcomes/Capability Development

This course is an option course for several programs

Program Learning Outcomes:

1. Enabling Knowledge:

You will gain skills as you apply knowledge with creativity and initiative to new situations. In doing so, you will demonstrate mastery of a body of knowledge that includes recent developments in computer science and information technology

2. Critical Analysis:

You will learn to accurately and objectively examine, and critically investigate computer science and information technology (IT) concepts, evidence, theories or situations, in particular to analyse and model complex requirements and constraints for the purpose of designing and implementing software artefacts and IT systems

3. Problem Solving:

Your capability to analyse complex problems and synthesise suitable solutions will be extended as you learn to: design and implement software solutions that accommodate specified requirements and constraints, based on analysis or modelling or requirements specification.

4. Communication:

You will learn to communicate effectively with a variety of audiences through a range of modes and media, in particular to: interpret abstract theoretical propositions, choose methodologies, justify conclusions and defend professional decisions to both IT and non-IT personnel via technical reports of professional standard and technical presentations.

5. Responsibility:

You will be required to accept responsibility for your own learning and make informed decisions about judging and adopting appropriate behaviour in professional and social situations. This includes accepting the responsibility for independent life-long learning and a high level of accountability. Specifically, you will learn to: effectively apply relevant standards, ethical considerations, and an understanding of legal and privacy issues to designing software applications and IT systems.


Upon successful completion of this course you should be able to:

  • CLO1: Apply your knowledge and understanding of computer security to identify security weaknesses and propose possible entry using them;
  • CLO2: Correctly isolate computer systems for investigation;
  • CLO3: Duplicate data and analyze it to recover latent information and reconstruct events;
  • CLO4: Trace and avoid entrapment by malicious internet activity;
  • CLO5: Analyze email and other online activity trails, such as social network analysis;
  • CLO6: Document and present gathered information in an appropriate manner for follow-up.


Overview of Learning Activities

 

The learning activities included in this course are:

  • Workshop: Key concepts will be explained as short lectures in which course material will be presented and the subject matter will be illustrated with demonstrations and examples; These will be interspersed with practical sessions that will provide the opportunity to consolidate and deepen your knowledge. The sessions include practical analysis and group problem-solving exercises to enable you to analyse, compare, rank and trouble-shoot computer system components and designs.
  • Private study: which should include working through the content as presented in classes and other learning materials, and gaining practice at solving conceptual and technical problems. It is essential to keep up to date with provided class exercises as well as doing your own broader reading on the topics covered.

 

A total of 120 hours of study is expected during this course, comprising:

Teacher-directed activities (36 hours): lectures, practical sessions. Each week there wille 3 hours of combined lecture and practical work. You are encouraged to participate through asking questions, commenting on the material based on your own experiences and through presenting solutions to written exercises. The tutorial / laboratory sessions will introduce you to the tools necessary to undertake the assignment work.  Both lectures and tute/labs have an associated set of online quizzes that need to be filled in each week.

Student-directed activities (84 hours): You are expected to be self-directed, studying independently outside class.


Overview of Learning Resources

The course is supported by the Canvas learning management system which provides specific learning resources.  In addition, there are many relevant textbooks beyond the ones suggested here, and open-source software is available for download from their respective sites (advised within class), and a large amount of general documentation is available on the software site, as well as elsewhere on the web.  See the RMIT Library Guide at http://rmit.libguides.com/compsci for more.

 

BYOD requirement

Since this course is interactive, you will need to bring along a personal laptop to class that is powerful enough to handle the software used.  See below for the minimum useful specifications

 

  • Recent MS Windows 10 Professional with native ability to virtualize, or Windows 7+ with VirtualBox software (free), or MacOS with ability to virtualise
  • 4GB of RAM minimum, 8GB+ preferred
  • USB memory stick capability
  • Ability to virtual-boot off USB memory stick is desirable
  • 10GB free space on hard disk for the various software and virtual instances
  • Reasonably powerful CPU, else everybody will be waiting for you.
  • Most recent laptops will have the above characteristics.


 


Overview of Assessment

The assessment for this course comprises online quizzes, computer laboratory practices, a lab test, a written assignments and a formal written end-of-semester examination. The lab practices and assignment involve implementation of logic gate and algebra solutions to problems, as well as reviewing current hardware systems capabilities when designing a system to meet stated needs.

Note: This course has no hurdle requirements.

 

Assessment tasks

 

Assessment Tasks 1:  Online Tests

Regular weekly tests which could be online aim to provide early and continuous feedback to help you learn and remember key points. 

Total Weighting 10 x (1%) = 10%

This assessment task supports CLOs 1, then 2, 3, 4, 5, 6 & 7 progressively throughout the semester

Assessment Task 2: Group Presentation

Weighting 10%

Students will form groups, and each week, a group will present a short
5 min presentation on a topic of interest.

This assessment task supports CLOs 1-6 depending on timing of the presentation.

Assessment Task 3: Group Presentation + Assignment

Weighting 10+20%

This assessment task supports CLOs 1, 2, 3, 4, 5 & 6

Assessment Task 4: Exam

Weighting 50%

This assessment task supports CLOs 1, 2 3, 4, 5, 6