Issue Date:11/7/2021 issue:02
ZU/QP10F004
Faculty: Information Technology
Program: Cybersecurity Department: Cybersecurity
Semester:
Academic year:
Course Plan
First: Course Information
Credit Hours:3 Course Title: : Introduction to Digital Evidence
Course No.
1506445
Lecture Time:
Section No.:
Prerequisite:
1506341
Obligatory Faculty Requirement Elective University Requirement Obligatory University Requirement FacultyRequirement
Course Elective Specialty Requirement Obligatory Specialization requirement
Type Of Course:
Face-to-Face Learning
Blended Learning(2 Face-to-Face + 1Asynchronous) Online Learning (2 Synchronous+1 Asynchronous) Type of
Learning:
Second: Instructor’s Information
Academic Rank:
Name:
E-mail:
Ext. Number:
Office Number:
Sunday Monday Tuesday Wednesday Thursday
Office Hours:
Third: Course Description
This course provides a general introduction to the concepts, theories, principles and practices of digital forensics and how to deal with digital evidence. Topics include evidence acquisition and validation, methodologies used in forensics and digital evidence handling, examination of file systems, graphics file investigation, network and email investigation, legal, professional and ethical issues, as well as current development in the field. Through teaching, the unit promotes and strengthens important general skills, such as communication, analysis, inquiry, problem solving, independent and teamwork, professionalism and social responsibility.
Issue Date:11/7/2021 issue:02
ZU/QP10F004
Fourth: Learning Source
Guide to Computer Forensics and Investigations Main Reference:
Publication Year:2019 Issue No.:6th
Author: Nelson, B., Phillips, A. and Steuart, C.
Computer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage (CHFI), EC-Council, Course Technology, 2nd Edition 2016, ISBN-10: 1305883489 | ISBN-13: 978-1305883482
Computer Forensics: Investigation Procedures and Response (CHFI), EC- Council, Course Technology, 2nd Edition 2016, ISBN-10: 1305883470 | ISBN- 13: 978-1305883475
CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide, Charles L. Brooks, McGraw-Hill Education, 1st Edition 2014, ISBN-10:
0071831568 | ISBN-13: 978-0071831567
Computer Forensics and Digital Investigation with EnCase Forensic v7, Suzanne Widup, McGraw-Hill Education, 1st Edition 2014, ISBN-10: 0071807918 | ISBN-13: 978- 007180791
Computer Forensics: Investigating Data and Image Files (CHFI), EC-Council, Course Technology, 2nd Edition 2016, ISBN-10: 1305883497 | ISBN-13: 978- 1305883499
Computer Forensics: Investigating Network Intrusions and Cybercrime, EC- Council, Course Technology, 2nd Edition 2016, ISBN-10: 1305883500 | ISBN- 13: 978-1305883505
Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet, Eoghan Casey, Academic Press, 3rd Edition 2017, ISBN-10: 0128103280 | ISBN-13: 978-0128103289
An Introduction to Computer Security: the NIST Handbook, http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf Access on June 29, 2022
Who is the OWASP Foundation?, http://www.owasp.org/index.php/ Main_Page Access on June 29, 2022
Cybersecurity, http://www.windowsecurity.com/whitepaper/ Access on June 29, 2022
Additional Sources
&Websites:
Classroom Laboratory Workshop MS Teams Moodle Teaching Type:
Fifth: Learning Outcomes
Connection To Program ILOs
Code Course Intended Learning Outcomes (CILOs)
Course Code
Knowledge
*PK1, PK2, PK4 Provide the students with the basic and advanced uses of computer
security and digital forensics.
*K1
Describe the methods used to store data locally on a computer, PK3 remotely on the Internet, and in general on the local computer and the Internet.
K2
Issue Date:11/7/2021 issue:02
ZU/QP10F004
PK3, PK4 Knowledge of methodologies and techniques used to manipulate
with digital evidence.
K3
PK4 Know the role of digital forensics in criminal investigations.
K4
Skills
**PS1 Describe an appropriate evidence handling process.
*S1
Using an existing report template, write a report of an analysis of PS4 digital evidence for a digital crime case
S2
Given some hypothetical and actual case scenarios, review and PS3 synthesize existing industry best practices for the processing of digital evidence.
S3
PS1 Clarify the main concepts in digital evidence.
S4
Use a number of digital forensics tools to plan and carry out a digital PS4 forensic investigation, from data gathering and validation to evidence discovery, analysis, validation, and presentation.
S5
Conduct independent research to better comprehend a certain topic PS1 or stay current with field developments.
S6
Understand the available techniques and methods for encryption PS2 data
S7
Competencies
**PC1 Understand different techniques for dealing with digital evidence.
*C1
Communicate with the students in the proper way to deliver the PC2 required skills and providing them with knowledge about digital forensics, techniques and tools.
C2
PC2, PC5 Divide class student into a number of groups to teach them how to
work in a teamwork and providing them with assignments and home works to discuss the uses of different techniques and methods of digital forensics.
C3
PC5 Learn and innovate independently
C4
* P: Program, **K: knowledge, ***S: skills, ****C: competencies.
Sixth: Course Structure
Lecture Date
Intended Teaching Outcomes(ILOs)
Topics Teaching
Procedures* TeachingMethods*** References***
1
W C2
K1
Understanding the Digital Forensics Profession and Investigations
Direct Lecturing , quizzes
and assignments Textbook-ch1
Issue Date:11/7/2021 issue:02
ZU/QP10F004
2
W K1, K2
The
Investigator’s Office and Laboratory
Direct Lecturing , quizzes and
assignments Textbook-ch2
3
W S2
K2, K3
Data Acquisition
Direct Lecturing , quizzes and
assignments Textbook-ch3
4
W S2
K3, K4
Processing Crime and
Incident Scenes Direct
Lecturing , quizzes and
assignments Textbook-ch4
5
W K3, K4
S2
Working with Windows and CLI Systems
Direct Lecturing , quizzes and
assignments Textbook-ch5
6
W K3, K4
S2
Current Digital Forensics Tools
Direct Lecturing , quizzes and
assignments Textbook-ch6
7
W K1, K2
S2
Linux and Macintosh File Systems
Direct Lecturing , quizzes and
assignments Textbook-ch7
8
W K1
S2
Recovering
Graphics Files Direct Lecturing , quizzes and
assignments Textbook-ch8
9
W K1, K4
S2
Digital Forensics Analysis and Validation
Direct Lecturing , quizzes and
assignments Textbook-ch9
11
W C1, C2, C3
Virtual Machine Forensics, Live Acquisitions, and Network
Forensics
Direct Lecturing , quizzes and
assignments Textbook-ch10
11
W K1, K2
E-mail and Social Media Investigations
Direct Lecturing , quizzes and
assignments Textbook-ch11
12
W S2
Mobile Device Forensics and The Internet of Anything
Direct Lecturing , quizzes and
assignments Textbook-ch12
13
W K3, K4 Cloud Forensics Direct Lecturing , quizzes and
assignments Textbook-ch13 14
W C1, C2, C3
K1, S1
Report Writing for High-Tech Investigations
Direct Lecturing , quizzes and
assignments Textbook-ch14
Issue Date:11/7/2021 issue:02
ZU/QP10F004
15
W K1, S1
C1, C2, C3
Expert Testimony in Digital Investigations
Direct Lecturing , quizzes and
assignments Textbook-ch15
16
W K1, K2, S1,
S2
-Ethics for the Expert Witness -Revision
Direct Lecturing , quizzes and
assignments Textbook-ch16
* Learning procedures: (Face-to-Face, synchronous, asynchronous). * * Teaching methods: (Lecture, video…..). ** * Reference: (Pages of the book, recorded lecture, video….).
Seventh: Assessment methods
Methods Online
Learning
Blended Learning
Face-To-Face Learning
Measurable Course (ILOs)
