Computer Forensics

Computer Forensics involves the examination of information contained in digital media with the aim of recovering and analyzing latent evidence. This course will provide students an understanding of the basic concepts in preservation, identification, extraction and validation of forensic evidence in a computer system. The course covers many systems level concepts such as disk partitions, file systems, system artifacts in multiple operating systems, file formats, email transfers, and network layers, among others. Students work extensively on raw images of memory and disks, and in the process, build components commonly seen as features of commercial forensics tools (e.g. file system carver, memory analyzer, file carver, and steganalysis). Prerequisites: COMP 2355.