About the Course:
The Cyber Forensics course provides a deep understanding of the techniques used to gather, protect and report digital evidence.
Course Objectives:
Cyber security issues, the digital forensics process and the structure of the hard disk.
The process of data acquisition and the structure of the FAT and NTFS file systems on the Windows operating system.
The structure of the Linux file system (EXT3/EXT4) and the file carving process.
Android mobile device forensics and multimedia steganography procedures.
The procedure for email forensics analysis and final report writing as required by a court of law.
Course Outcomes:
At the end of this course, the student will be able to:
Understand the phases of the forensic investigation process and the internal structure of the HDD and the boot process.
Use The Sleuth Kit library, make an image of the evidence with various open source tools and gain knowledge of the FAT and NTFS file systems.
Analyse Unix/Linux file systems through exercises and perform file carving using open source tools.
Perform mobile device forensics and apply steganalysis for multimedia forensics.
Perform email forensics and write a good report suitable for submission to a court of law.
Course Content:
Unit 1:
Introduction to Forensic Process - 10 Hours
Introduction to computer forensics, Forensic Investigation Process, Forensic Protocol for Evidence Acquisition, Digital Evidence, Types of computer forensics, Challenges in computer forensics, Understanding Hard disks and File systems - HDD, SSD, Physical and Logical Structure of the Hard Disk, Tracks, Sectors, Clusters, Disk Partitions and Boot process, Open source tools.
Unit 2:
Data Acquisition and Windows File system Forensic Analysis - 12 Hours
Building a Forensics Workstation with The Sleuth Kit, Case Study - Data Acquisition: Imaging using AccessData FTK Imager and EnCase, Recovering files from the images using EnCase, Examining the FAT File system, Examining the NTFS File system, Case Study - NTFS Timestamp Analysis, Autopsy Tool Hands-on.
Unit 3:
Linux File system Analysis and File Carving - 10 Hours
Unix/Linux file systems (Ext2/Ext3), Unix/Linux Forensic Investigation: Unix/Linux forensics, investigation steps and technologies, Case Study - Memory Acquisition of a Linux System using LiME, Principles of file carving, Header/Footer carving, Bifragment Gap carving, Case Study - Image File carving with the Foremost tool.
Unit 4:
Android Mobile device Forensics and Multimedia Forensics - 12 Hours
Mobile Device Forensic Investigation, Storage Locations, Acquisition Methods, Data Analysis of Facebook and WhatsApp, Case Study using an Android Virtual Device, Steganography Techniques and Tools, Steganalysis Techniques and Tools, Case Study - Steganalysis using OpenStego, Anti-Forensics Practices - Data Wiping and Shredding, Trail Obfuscation, Encryption, Data Hiding, Case Study - Anti-forensic detection using Stegdetect.
Unit 5:
Email Forensics and Investigative reports and Legal Acceptance - 12 Hours
Email Forensics, Recovering emails, Email Header Analysis, Case Study - e-Discovery from the Enron Corpus, Preparation work for report writing, Structure of the report, Characteristics of a good report, Document design and good writing practices, Legal Acceptance, Case Study - Legal Acceptance in the Autopsy tool, Incident Response process.
Textbooks:
1: "Introductory Computer Forensics: A Hands-on Practical Approach", by Xiaodong Lin, Springer, 2018.
2: "Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations", by Niranjan Reddy, Apress, 2019.
Reference Books:
1: "Digital Forensics Workbook: Hands-on Activities in Digital Forensics", by Michael K. Robinson, CreateSpace Independent Publishing Platform, 2015.
Tools & Languages:
Open source forensics tools.