Digital Evidence & Computer Crime
Term 1, 2006
This course covers the relevant background and terminology and the legal issues that arise in computer-related investigations, and presents a systematic approach to investigating a crime based on the scientific method.  Topics include file systems, data recovery, Internet traces, as well as procedures and tools for properly collecting and examining digital evidence. This course demonstrates how computers are extensions of traditional crime scenes and how digital evidence can be useful in a variety of investigations including computer intrusions and violent crimes.

You are required to take CCJS 105 and IFSM 310 before this class.  It is highly recommended that students bring laptops with a CD-ROM drive, a floppy drive, and a wireless card.

NEWS

That's it... the class is over.  The photo is posted.
Class is currently scheduled for ??? @ ???

The notes are being updated (10/27)
Register now @ UMUC
You should read the book before class
Students should bring a USB stick, 128MB or larger

 

Homework

Oct 28, #01: Morning Session
  • Register for the class
  • Buy the book
  • Digital Evidence
  • History and Terminology
  • Computer Basics
  • Bring laptop to class
  • Bring Blank Floppies (at least 2)

Oct 28, #02: Afternoon Session
  • Quiz
  • Applying Forensic Science to Computers

Oct 29, #03: Morning Session
  • Turn in file2 homework
  • Quiz
  • Forensic Examination of Windows Systems
  • Bring laptops, floppies, Helix CDs to class.

Oct 29, #04: Afternoon Session
  • Quiz
  • Digital Evidence in the Courtroom
  • Final Exam - Comprehensive
  • Bring SAS Envelopes to have your grades mailed to you

Class Photos

Click here to see the class photo!

Course Information

Textbooks

  • Required
  • Recommended
    • Casey, Eoghan - Digital Evidence and Computer Crime, 2nd ed
    • Casey, Eoghan - Handbook of Computer Crime Investigation: Forensic Tools & Technology
    • Nelson, Bill - Guide to Computer Forensics and Investigations
    • Mandia, Kevin - Incident Response & Computer Forensics, 2nd ed

Class Notes

You should download and read the lecture notes before class.  The lecture notes are in PDF format, so you might have to download a reader for your machine.  Note: You need Version 4.0 or better.  You should visit the websites, download the programs, and run them (many of them are already installed in the lab).  Note: Do not print any of this information in the UMAD computer lab.  Also, the lecture notes may not be complete and should not serve as a substitute for attending class.
     
     
061028, #01, Notes: PDF, Morning Session

Digital Evidence
  • What Lawyers and Managers Should Know About Computer Forensics
  • Adventures in Computer Forensics
  • Internet Assisted Suicide: the Story of Sharon Lopatka
  • Building a Forensic Workstation On a Budget - Greg Dominguez
  • Helix - Linux Based Forensic Toolkit
  • Helix for Beginners Manual 
  • Laboratory Hard Drives - Evidence Issues
  • Computer disk drives from WTC could yield clues
  • Identity theft case could be largest so far
  • Cyber crime is right under your nose
  • 'Erased' hard drives can bite you
  • Seeking the Treasure Trove of Data
  • From The Laptops Of Terrorists
  • Accent OFFICE Password Recovery
  • Forensic Focus - excellent website



History and Terminology
  • DOJ Cybercrime Website
  • safeback - Evidence grade Bitstream backup software
  • EnCase - Leader in Computer Forensics & Incident Response Solutions
  • Sleuthkit - Forensics Tools for Linux
  • DOJ Searching and Seizing Computers



Computer Basics
  • BootDisk.com - Lots of boot disks for different systems - boot98se.exe
  • Mod_com - Modify operating system files for safe boot
  • US v Moussaoui (2003) - computer and e-mail evidence
  • PGP International 
  • PGP Freeware Version
  • PGP Corporation
  • Earth Liberation Front - uses PGP encryption 
  • Passware - Password Recovery Software

061028, #02, Notes: PDF, Afternoon Session

Applying Forensic Science to Computers
  • Siegel, Rich (2005) Tuesdays with Mantu
  • Electronic Crime Scene Investigation: A Guide for Law Enforcement
  • Forensic Examination of Digital Evidence: A Guide for Law Enforcement
  • Uniform Crime Report - How computers are being used in crimes
  • Natascha Kampusch
  • RFC 1321 The MD5 Message-Digest Algorithm
  • What are MD2, MD4, and MD5?
  • DigestIT
  • Knoppix - bootable Linux
  • Penguin Sleuth - Knoppix designed for forensics
  • Knoppix First Responder's Guide
  • KNOPPIX Bootable CD Validation Study
  • Computer First Aid Using Knoppix
  • Password Recovery Solutions
  • John The Ripper
  • How Secure Is Encrypted File System?
  • Recover Lost NT passwords
  • KeyKatch
  • England's Angel of Death
  • The Shipman Inquiry
  • WinImage
  • Ultrablock - Hard Drive write protector
  • EasyExif - used to display Exif information

061029, #03, Notes: PDF, Morning Session

Forensic Examination of Windows Systems
  • Norton Ghost 2003 as a Forensics Image Acquisition Tool 
  • Detailed Forensic Procedure for Laptop computers
  • Forensic acquiring and analysis
  • Independent Review of Common Forensic Imaging Tools
  • Helix - a more recent Knoppix Forensics CD
  • P2P in the Legal Crosshairs - Wired, Data Scrubbing
  • Office 2003/XP Add-in: Remove Hidden Data
  • The hidden dangers of documents
  • Hidden Data in Electronic Documents - Excellent Paper

061029, #04, Notes: PDF, Afternoon Session

Digital Evidence in the Courtroom
  • Dell Optiplex GX260 Manuals - (Yongsan) Take a look at these before class
  • Dell Inspiron 8100 Manuals - (Chinhae) Take a look at these before class



  • Topic: Final Exam
     
    Links