Computer Forensics

This course is designed to introduce the student to and familiarize the student with the basic concepts surrounding computer forensics. Topics that may (or may not) be covered include:

• The scientific method
• Investigating systems to determine whether anything illegal has been done
• Investigation of storage devices
  • Hard disks
  • Compact disks
  • Solid state devices
• Identify sources of evidence
• Preserve evidence
• Analyze evidence
• Present the findings
• Federal Rules of Evidence
• Defeating countermeasures against forensic experts
• Determining the level of expertise of a supposed criminal
• Knowledge of how to shut down which machines
• Encryption keys stored in RAM
• Rules of evidence handling
• Determining legal authority to seize, image, and examine each device
• Sequence of examination

Requirements might include basic computer knowledge and use. Programming knowledge is a plus but not, so far, a requirement.

This course is under active development. I expect to (with all luck) have it completed by January of 2007, earlier if possible.

This course is still undergoing the early stages of development - if you would like to put your name down as "interested" you can do it here.

Feedback is greatly appreciated and can be submitted via the talk page for the course or on my talk page.

Lectures will reference the Computer Forensics WikiBook (which I will create one of these days if nobody else gets to it first) and the wikibooks for the other topics at hand (cryptography, criminal justice, etc.)