Skip to main content

RITx: CYBER502x Computer Forensics

SYLLABUS: CYBER502x Computer Forensics

Course description

Digital forensics involves the investigation of computer-related crimes with the goal of obtaining evidence to be presented in a court of law.

In this course, you will learn the principles and techniques for digital forensics investigation and the spectrum of available computer forensics tools. You will learn about core forensics procedures to ensure court admissibility of evidence, as well as the legal and ethical implications. You'll see how to perform a forensic investigation on both Unix/Linux and Windows systems with different file systems, and be guided through forensic procedures and review and analyze forensics reports.

You'll also have opportunities to try out different tools in ungraded activities.

This offering is part of the RITx MicroMasters in Cybersecurity that prepares students to enter and advance in the field of computing security.

Upon completion of this course, you will be able to

  • Describe fundamental computer forensics concepts and procedures.
  • Explain how to recover hidden data for forensic analysis from Windows and Linux/Unix file systems
  • Apply digital forensic tools to discover, collect, preserve and analyze Windows and Linux/Unix digital evidence.
  • Explain how steganography tools work and how to use them to detect and possibly recover hidden information.
  • Document and report digital evidence to court.

Prerequisites

The Cybersecurity MicroMasters program was designed to begin with Cyber501x Cybersecurity Fundamentals which introduces major concepts and topics required in the program. After taking Cyber501x, learners could take the remaining modules: Cyber502x, Cyber503x or Cyber504x in sequence or concurrently if the students so choose.  A full listing of the course modules in the Cybersecurity MicroMasters program can be found here.

Course staff

instructor portrait
Yin Pan,
Professor, Computing Security
Rochester Institute of Technology

Grading and certification

If you are planning to earn a verified certificate for this course, you must complete the graded quiz at the end of each week. You only have one attempt for each quiz question, so review each question carefully before saving your answer. Verified students who complete the quizzes with a cumulative 80% or higher average will earn a verified certificate from edX, signifying successful completion of the course.

There is no weekly deadline for each unit's quiz—as long as you complete all the quizzes by the course end date you will be eligible for the certificate.

Students who successfully earn a Verified Certificate in all four courses and pass the capstone will receive a MicroMasters Credential. Learners who successfully earn the MicroMasters Credential are eligible to apply to RIT’s B. Thomas Golisano College of Computing and Information Sciences for graduate credential options. You can learn more about this on the Cybersecurity MicroMasters program page.

You can choose to upgrade to a verified certificate up to August 29, 2017.

Workload

To successfully complete this course, you should plan to devote 8 to 12 hours per week to the course. You will spend that time:

  • Watching videos
  • Reading text resources
  • Completing activities
  • Taking quizzes

Course outline

  • Unit 0: Getting Started
  • Unit 1: Computer Forensics Fundamentals
  • Unit 2: Linux/Unix Acquisition
  • Unit 3: Unix/Linux File System
  • Unit 4: Unix/Linux Forensics Analysis
  • Unit 5: Windows Acquisition
  • Unit 6: Windows File Systems and Registry
  • Unit 7: Windows Forensics Analysis
  • Unit 8: Steganography
  • Conclusion

Units 2 through 8 will open on subsequent Tuesdays at 14:00 UTC. Once opened, units remain open for the rest of the course.

Course materials & activities

In this course, the instructor will explain and demonstrate several tools used for forensic investigations of Linux/Unix and Windows computers. There are optional, ungraded activities that give you guided practice with these tools.

To complete many of these activities, you would need to take this course using a computer on which you have permission to download and install software. You can look at this list of applications in the Downloads & Supplies page in the top toolbar. There is no charge for any of the software you will use in the course.

Units 2 and 3 focus on forensic investigation of Linux/Unix computers. Windows and Mac users can download and run a Linux emulator if they wish to practice with Linux tools. This is also in the Software and Equipment page.

Again, these practice activities are optional and ungraded. We provide them to enhance your learning and to offer opportunities to gain experience with these tools. They are not required to pass the course.

If you wish to participate in these optional activities, you will also need a small—less than 1GB—USB drive. It does not have to be new. In fact, a drive that has had different files loaded on and deleted from it will offer a more realistic data acquisition experience for you.

If you have any questions about these requirements, please check the Software page and the Course FAQs before asking on the Q&A forum.

Course components

To facilitate navigation within each unit, we present course materials and activities with these headings:

About Video

About This Video

A short introduction to the topics covered in each video lecture.

Quiz

Check Your Understanding (UNGRADED QUIZ)

Ungraded questions based on the content of the preceding video lecture. If you cannot answer these questions the first time you try, please review the video again before moving to the next one.

Resources

Additional Resources

The instructor provides links to articles, websites, and other resources that can deepen your learning and understanding of cybersecurity. We will clearly indicate any resources that are required to complete weekly quizzes.

Discussion Question Prompt

Discussions

Discussions are posted in their own topics in each unit and are opportunities to share your ideas and experiences with other students in the course. These are not required for a grade, but we strongly encourage you to participate as much as possible. Course staff observes and moderates the discussion forum.

ComputerAct

Computer Activities

There are optional, ungraded activities in most units that will let you see or apply some of the software and procedures that you'll learn about. Surveys or questions that help you check your results or compare your experiences with other learners follow some of these activities.

Students who complete the Verified track of this MicroMasters will be able to participate in hands-on computer-based lab activities in the CYBER525x Capstone.

Quiz

GRADED QUIZ

Graded quizzes at the end of each unit are required for verified certificates. These quizzes are open to all students.

Students who are seeking a verified certificate must achieve a final course grade average of at least 80% based on all of the Unit Quizzes.


Participating in Discussions

Each unit contains a Discussion that we encourage you to participate in. Discussions are posted in their own topics and are also accessible by clicking "Discussion" on the edX toolbar. It's perfectly fine to use the discussion questions as departure points for other conversations with your classmates. Course staff occasionally monitors posts; however, because we expect a large number of students and limited resources, we may not be able to answer all questions. We appreciate your understanding.

In addition to participating in the course discussions, you can also use the Questions About this Course forum to talk about other topics with your classmates.

Getting Help

If you have a question about content-related or technical issues that you’d like course staff to address, please add [Staff] at the beginning of your post. Please check the FAQs as well as the discussion forum to see if someone else has already asked your question before creating a new post.

You can access any forum by clicking "Discussion" on the toolbar at the top of your screen.

To see previous posts in any forum, click on the "Show All Discussions" tab at the left of the "Discussions" screen, and choose the appropriate category.

For more detailed instructions on how to use edX course discussions, please refer to the edX Learner's Guide under Participating in Course Discussions.

Remember, your contributions must follow the Discussion Code of Conduct below.

Academic policy

You must behave with academic honesty and respect your fellow students. Please abide by the edX Terms of Service & Honor Code.

Discussion Code Of Conduct

We are committed to providing a friendly, safe, and welcoming environment for all students. This code of conduct outlines our expectations for discussion behavior, as well as the consequences for unacceptable behavior.

  • Be respectful
  • Please respect your fellow students. Insulting or abusive words will not be tolerated and will be removed.
  • Be constructive
  • A learning community is about learning with and through engagement with one another.
  • Be culturally aware

This is a global forum with participants from many different cultures and backgrounds. Be sensitive when discussing race, religion, gender, sexual orientation, or controversial topics, since others may be more sensitive about them than you are.

Post appropriately

Content that violates the edX Terms of Service & Honor Code is not permitted. You may not post inappropriate (e.g. pornographic) or copyrighted content, advertise or promote outside products or organizations, or spam the forums with repeat content.

Consequences of Unacceptable Behavior

Unacceptable behavior will not be tolerated. Anyone asked to stop unacceptable behavior is expected to comply immediately.

If a participant engages in unacceptable behavior, the course staff may take any action they deem appropriate, up to and including expulsion from the course.

Please help us create a healthy learning environment by respecting these standards. We do not expect to see many of these issues because we trust students like you to keep our forum communities strong and healthy.