Forensics

The document outlines the course 'Forensics and Incident Response,' detailing its objectives, prerequisites, and learning outcomes. It covers various units including incident response methodology, ACPO principles, file system analysis, system investigation, and hacker tools analysis. Additionally, it includes assessment methods and resources for further learning.

Uploaded by

ab9832
Course Code: 21CSE381T
Course Name: FORENSICS AND INCIDENT RESPONSE
Course Category: E – PROFESSIONAL ELECTIVE
L T P C: 2 1 0 3
Pre-requisite Courses: Nil
Co-requisite Courses: Nil
Progressive Courses: Nil
Course Offering Department: School of Computing
Data Book / Codes / Standards: Nil

Course Learning Rationale (CLR): The purpose of learning this course is to:
CLR-1: Gain knowledge on the basics of procedures for identification and preservation of electronic evidence
CLR-2: Understand the purpose and usage of various forensic tools
CLR-3: Gain knowledge on how scientific evidence is collected/extracted during investigation
CLR-4: Acquire knowledge on file systems and their working
CLR-5: Understand the Windows and Linux investigation procedures

Program Outcomes (PO) used as mapping columns 1–12: 1 Engineering Knowledge; 2 Problem Analysis; 3 Design/development of solutions; 4 Conduct investigations of complex problems; 5 Modern Tool Usage; 6 The engineer and society; 7 Environment & Sustainability; 8 Ethics; 9 Individual & Team Work; 10 Communication; 11 Project Mgt. & Finance; 12 Life Long Learning. Program Specific Outcomes used as columns 13–15: PSO-1, PSO-2, PSO-3.

Course Outcomes (CO): At the end of this course, learners will be able to (mapping given as PO1–PO12, PSO-1–PSO-3):
CO-1: Acquire the knowledge on basics of procedures for identification and preservation of electronic evidence: - - 2 - - - - - - - - - - - -
CO-2: Acquire the ability to identify the purpose and usage of various forensic tools: - - - - - - - 2 - - - - - - -
CO-3: Understand how scientific evidence is collected/extracted during investigation: - - 2 - - - - 2 - - - - - - 3
CO-4: Appreciate the concepts of file systems and their importance in forensic science: - - - - - - - 2 - - - - - - 3
CO-5: Apply the knowledge of Windows and Linux investigation procedures: - - 2 - - - - - - - - - - - -

Unit-1 – Introduction to Incident (9 Hours)

Goals of Incident Response; Introduction to Incident Response Methodology (IRM); Steps in Incident Response Methodology; IRM: Pre-incident preparation; IRM: Detection of incidents; IRM: Initial Response; IRM: Formulate a Response Strategy; IRM: Investigate the Incident; IRM: Reporting; Creating response toolkit – Windows; Volatile Data Collection – Windows; In-depth data collection – Windows; Storing collected data – Windows; Creating response toolkit – Unix; Volatile Data Collection – Unix; In-depth data collection – Unix; Storing collected data – Unix.

Unit-2 – ACPO Principles (9 Hours)

Introduction to ACPO Principles; ACPO Principles of Computer Based Evidence; Introduction to Computer Storage Formats; Understanding Storage Formats for Digital Evidence; Forensic Duplication; Forensic Duplication tools; Forensic Duplicate creation of HDD; Qualified Forensic Duplicate creation; Restored Image; Mirror Image; Forensic Duplication Tool Requirements; Creating a Forensic Duplicate of a Hard Drive; Evidence Handling; Types of Evidence; Challenges in Evidence Handling; Overview of Evidence Handling Procedure; Evidence Handling Procedure; Evidence Handling reports.

Unit-3 – File System Analysis (9 Hours)

Introduction to File System Analysis; What is a File System?; Five Data Categories; FAT Concepts; FAT Analysis; FAT – The Big Picture; Introduction to NTFS; Files in NTFS; MFT Concepts; MFT Attribute Concepts; Other MFT Attribute Concepts; Indexes in NTFS; NTFS Analysis – File System Category; NTFS Analysis – Content Category; NTFS Analysis – Metadata Category; NTFS Analysis – File Name Category; NTFS Analysis – Application Category; NTFS – The Big Picture.

Unit-4 – Investigating Systems (9 Hours)

Introduction to Investigating Systems; Investigating Windows Systems; Where Evidence resides on Windows Systems; Conducting a Windows Investigation I; Conducting a Windows Investigation II; File Auditing; Theft of Information; Handling the departing employee; Investigating Unix Systems; Overview of steps – Unix Investigation; Reviewing pertinent logs; Performing keyword searches; Reviewing relevant files; Identifying unauthorized user accounts/groups; Identifying rogue processes; Checking for unauthorized access points; Analysing trust relationships; Detecting loadable kernel modules.

B.Tech / M.Tech (Integrated) Programmes-Regulations 2021- Volume-11-CSE – Higher Semester Syllabi-Control Copy
Unit-5 – Investigating Hacker Tools (9 Hours)

Investigating Hacker Tools; What are the goals of tool analysis?; How are files compiled?; Static Analysis of Hacker Tools I; Static Analysis of Hacker Tools II; Dynamic Analysis of Hacker Tools I; Dynamic Analysis of Hacker Tools II; Evaluating Computer Forensics Tools; Types of Forensic Tools; Tasks performed by Forensic Tools; Tool comparisons; Computer Forensics Software Tools; Computer Forensics Hardware Tools; Validating and Testing Computer Forensics Software; Introduction to Forensic Report Writing; Understanding the Importance of Reports; Guidelines for Writing Reports; A Template for Computer Forensics Reports.

Learning Resources
1. Kevin Mandia, Chris Prosise, "Incident Response and Computer Forensics", Tata McGraw-Hill, 2006.
2. Bill Nelson, Amelia Phillips, and Christopher Steuart, "Guide to Computer Forensics and Investigations", Course Technology, Cengage Learning, 4th edition, ISBN: 1-435-49883-6, 2009.
3. Eoghan Casey, "Handbook of Computer Crime Investigation: Forensic Tools and Technology", Academic Press, 1st edition, 2001.
4. Brian Carrier, "File System Forensic Analysis", Addison-Wesley Professional, 1st edition, 2005, ISBN-13: 978-0321268174.

Learning Assessment

                             Continuous Learning Assessment (CLA) – Formative        Summative
Bloom's Level of Thinking    CLA-1: Average of unit test  CLA-2: Life-Long Learning  Final Examination
                             (50%)                        (10%)                      (40% weightage)
                             Theory    Practice           Theory    Practice         Theory    Practice
Level 1  Remember            15%       -                  15%       -                15%       -
Level 2  Understand          25%       -                  20%       -                25%       -
Level 3  Apply               30%       -                  25%       -                30%       -
Level 4  Analyze             30%       -                  25%       -                30%       -
Level 5  Evaluate            -         -                  10%       -                -         -
Level 6  Create              -         -                  5%        -                -         -
Total                        100%                         100%                       100%

Course Designers

Experts from Industry:
1. Mr. M. Vivekanandan, Nokia
2. Mr. Santhosh Kumar, CTS

Experts from Higher Technical Institutions:
1. Karthikeyan C. M. T, Govt College of Engg, Bargur
2. Syedthouheed, Reva University, Bangalore

Internal Experts:
1. D. Saveetha, SRMIST
