Course Title: Computer and Internet Forensics

Part A: Course Overview

Credit Points: 12.00

Terms

Course Code: COSC2301
Campus: City Campus
Career: Undergraduate
School: 140H Computer Science & Information Technology
Learning Mode: Face-to-Face
Teaching Period(s): Sem 2 2006, Sem 2 2007, Sem 2 2009, Sem 2 2010, Sem 2 2011, Sem 2 2012, Sem 2 2013, Sem 2 2014, Sem 2 2015

Course Code: COSC2301
Campus: City Campus
Career: Undergraduate
School: 171H School of Science
Learning Mode: Face-to-Face
Teaching Period(s): Sem 2 2018

Course Code: COSC2302
Campus: City Campus
Career: Postgraduate
School: 140H Computer Science & Information Technology
Learning Mode: Face-to-Face
Teaching Period(s): Sem 2 2006, Sem 2 2007, Sem 2 2008, Sem 2 2009, Sem 2 2010, Sem 2 2011, Sem 2 2012, Sem 2 2013, Sem 2 2014, Sem 2 2015

Course Code: COSC2302
Campus: City Campus
Career: Postgraduate
School: 171H School of Science
Learning Mode: Face-to-Face
Teaching Period(s): Sem 2 2018

Course Coordinator: Dr. Maggie Liu

Course Coordinator Phone: by email

Course Coordinator Email: xiaoning.liu@rmit.edu.au

Course Coordinator Location: 014.11.026

Course Coordinator Availability: by appointment


Pre-requisite Courses and Assumed Knowledge and Capabilities

This is an advanced course, and requires a significant amount of knowledge of fundamentals. You may not enrol in this course unless it is explicitly listed in your enrolment program summary, and you have confirmed with your program coordinator that it is an appropriate choice for your study plan.

Pre- or Co-requisite courses:

Enforced:

PG:

  • IT Infrastructure and Security
  • Introduction to Programming

UG:

  • COSC2801: Programming Bootcamp 1
  • INTE2625: Intro to Cyber Security

Required Prior Knowledge:

  • a sound understanding of computer security and data communications, the structure and protocols of the Internet and details of computer storage. Courses such as Cloud Security and Secure Electronic Commerce cover these topics.

 

For more background information, see the Lynda website from the RMIT Library Guide at http://rmit.libguides.com/compsci.


Course Description

This course introduces students to the principles and practice of computer and internet forensics. Students will explore issues related to security of computer systems, accessing and analyzing data, reconstructing events, surveillance, intrusion prevention, intrusion detection, and recovery from breaches. This course is particularly aimed at students who have a strong interest in computer and information security.

Topics include:

  • Forensically examining the state of desktop / mobile computer(s) left behind by a presumed offender to determine what happened.
  • Determining internet presence and activity which may have forensic significance
  • Learning the basics of evidence-gathering and custody.
  • Basic file reconstruction as evidence
  • The use and limitations of visual evidence


Objectives/Learning Outcomes/Capability Development

This course is an option course for several programs.

Program Learning Outcomes:

PLO1: Knowledge - Apply a broad and coherent set of knowledge and skills for developing user-centric computing solutions for contemporary societal challenges.

PLO2: Problem Solving - Apply systematic problem solving and decision-making methodologies to identify, design and implement computing solutions to real world problems, demonstrating the ability to work independently to self-manage processes and projects.

PLO4: Communication - Communicate effectively with diverse audiences, employing a range of communication methods in interactions with both computing and non-computing personnel.

PLO6: Responsibility and Accountability - Demonstrate integrity, ethical conduct, sustainable and culturally inclusive professional standards, including First Nations knowledges and input in designing and implementing computing solutions.


Upon successful completion of this course you should be able to:

  1. Apply your knowledge and understanding of computer security to identify security weaknesses and propose possible entry using them;
  2. Correctly isolate computer systems for investigation;
  3. Duplicate data and analyze it to recover latent information and reconstruct events;
  4. Trace and avoid entrapment by malicious internet activity;
  5. Analyze email and other online activity trails, such as social network analysis;
  6. Document and present gathered information in an appropriate manner for follow-up.


Overview of Learning Activities

 

The learning activities included in this course are:

  • Workshop: Key concepts will be explained in short lectures, in which course material will be presented and the subject matter will be illustrated with demonstrations and examples. These will be interspersed with practical sessions that will provide the opportunity to consolidate and deepen your knowledge. The sessions include practical analysis and group problem-solving exercises to enable you to analyse, compare, rank and trouble-shoot computer system components and designs.
  • Private study: this should include working through the content as presented in classes and other learning materials, and gaining practice at solving conceptual and technical problems. It is essential to keep up to date with provided class exercises as well as doing your own broader reading on the topics covered.

 

A total of 120 hours of study is expected during this course, comprising:

Teacher-directed activities (36 hours): lectures, practical sessions. Each week there will be 3 hours of combined lecture and practical work. You are encouraged to participate through asking questions, commenting on the material based on your own experiences and through presenting solutions to written exercises. The tutorial / laboratory sessions will introduce you to the tools necessary to undertake the assignment work. Both lectures and tute/labs have an associated set of online quizzes that need to be filled in each week.

Student-directed activities (84 hours): You are expected to be self-directed, studying independently outside class.


Overview of Learning Resources

The course is supported by the Canvas learning management system, which provides specific learning resources. In addition, there are many relevant textbooks beyond the ones suggested here. Open-source software is available for download from the respective sites (advised within class), and a large amount of general documentation is available on the software sites, as well as elsewhere on the web. See the RMIT Library Guide at http://rmit.libguides.com/compsci for more.

 

BYOD requirement

Since this course is interactive, you will need to bring along a personal laptop to class that is powerful enough to handle the software used. See below for the minimum useful specifications:

  • Recent MS Windows 10 Professional with native ability to virtualize, or Windows 7+ with VirtualBox software (free), or MacOS with ability to virtualise
  • 4GB of RAM minimum, 8GB+ preferred
  • USB memory stick capability
  • Ability to virtual-boot off USB memory stick is desirable
  • 10GB free space on hard disk for the various software and virtual instances
  • Reasonably powerful CPU, else everybody will be waiting for you.
  • Most recent laptops will have the above characteristics.


 


Overview of Assessment

The assessment for this course comprises online quizzes, computer laboratory practices, a lab test, a written assignment and a formal written end-of-semester examination. The lab practices and assignment involve implementation of logic gate and algebra solutions to problems, as well as reviewing current hardware systems capabilities when designing a system to meet stated needs.

Note: This course has no hurdle requirements.

 

Assessment tasks

 

Assessment Task 1: Online Tests

Regular weekly tests, which could be online, aim to provide early and continuous feedback to help you learn and remember key points.

Total Weighting 10 x (1%) = 10%

This assessment task supports CLOs 1, then 2, 3, 4, 5, 6 & 7 progressively throughout the semester.

Assessment Task 2: Group Presentation

Weighting 10%

Students will form groups, and each week, a group will present a short 5 min presentation on a topic of interest.

This assessment task supports CLOs 1-6 depending on timing of the presentation.

Assessment Task 3: Group Presentation + Assignment

Weighting 10+20%

This assessment task supports CLOs 1, 2, 3, 4, 5 & 6

Assessment Task 4: Exam

Weighting 50%

This assessment task supports CLOs 1, 2, 3, 4, 5, 6