CS 585 Cybercrime: Legal & Investigative Issues
Fall 2009
Syllabus
Save this important document!
27 August 2009
Class Meeting Time and Place: Tuesday and Thursday 5:15–6:30, RGAN 203
Instructors: Dr. Kenneth Calvert ([email protected]) and Dr. Thomas Johnson ([email protected])
Office: Calvert — FPAT 773C, Hardymon 228
Telephone: Calvert — 859-257-3961, 859-257-6745; Johnson — 859-523-9236
Office Hours:
Johnson — Tue & Thu, 4:00–5:00 CRMS 514D
Calvert — Tue 8:00–9:00 FPAT 773C
Calvert — Wed 8:00–9:00 Hardymon 228
Course Web Page: http://protocols.netlab.edu/~calvert/classes/4nsics-f09/
1 Course Particulars
This course is an introduction to the field of computer forensics and digital evidence. It gives an overview of computer crime and the procedures used by law enforcement and specialists in computer forensic investigation. The goal is to provide an understanding of and appreciation for the challenges raised by digital computing technology for our legal system, and for issues of privacy and civil rights.
1.1 Communication
The course web page and electronic mail are the primary mechanisms for communicating information about the course. It is your responsibility to check your UK email regularly (every day). We will assume that anything sent to your UK mail address will be received and read by you—and nothing short of a campus-wide email outage will change that. Thus “I didn’t see the email” is not a valid excuse in this class. The best way to reach the instructors is by email. But please remember that email is an asynchronous medium. Also: While we make every effort to be available during office hours, occasionally things come up, we go out of town, etc. It is therefore strongly suggested that you call first before coming to office hours.
1.2 Textbooks and Other Resources
Required Textbook: Digital Evidence and Computer Crime, second edition, by Eoghan Casey. Academic Press (an imprint of Elsevier), 2004. ISBN-13: 978-0-12-163104-8.
Other resources you may find helpful:
• Guide to Computer Forensics and Investigations, third edition, by Bill Nelson, Amelia Phillips, Frank Enfinger, and Christopher Stuart. Course Technology, 2008. ISBN-13: 978-1-4180-6733-5.
• Hackers Challenge 3: 20 Brand-new Forensic Scenarios and Solutions, by David Pollino, Bill Pennington, Tony Bradley and Himanshu Dwivedi. McGraw-Hill, 2006. ISBN: 0-07-226304-0. Two copies of this book are on reserve in the Engineering Library.
• “Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations”, available online at www.cybercrime.gov/s&smanual2002.htm.
• “Digital Evidence in the Courtroom: A Guide for Preparing Digital Evidence for Courtroom Presentation”, US Department of Justice, National Institute of Justice, available online via: http://www.ojp.usdoj.gov/nij/pubs-sum/211314.htm
1.3 Expected Student Background (Preconditions)
This course has no formal prerequisites. However, it is expected that you will have some familiarity with computers and their use, as well as some understanding of the Internet and how it works. For example, you should know what an IP address is. Some knowledge of/experience with programming will be helpful, but is not crucial.
1.4 Learning Objectives (Postconditions)
At the conclusion of the course, the successful student will be able to:
• Describe the legal context in which cybercrimes are committed and digital evidence of all kinds is collected;
• Describe and differentiate various roles computers and digital devices may play in various illegal activities;
• Explain and apply the procedures for and constraints on the collection of digital evidence in an investigation;
• Describe several techniques by which information may be hidden from a casual investigator, and recovered by a trained investigator;
• Describe the issues around the right to privacy and the tension between law enforcement needs and public expectations.
1.5 Teaching Methods
The course will use lectures, homework assignments, case studies, and group projects to promote learning. As usual, a significant portion of the learning will take place outside the classroom. Students are expected to be active participants, asking questions, challenging instructors, and generally taking responsibility for their own learning.
2 Learning Assessment
Your grade will be determined by your achievement with respect to the learning objectives, as measured by your performance on assigned work. The weights assigned to each of these are as follows:
Homework        10%
Midterm Exam    30%
Final Exam      30%
Group Project   30%
Course grades will be determined as follows: First we compute each student’s “raw” total score (out of 100) using the above weights for each assignment. The highest raw score in the class becomes the “normalized” maximum. Your final score is then your raw score divided by the normalized maximum. For example, if the highest raw score obtained by anybody is 93, a student with a raw score of 85 would have a final score of 91.40. Letter grades are assigned on the basis of final scores, with the dividing line between A and B falling roughly around 90, between B and C around 80, between C and D around 70, and between D and E around 60. Lines may be moved down to coincide with gaps in the final score distribution. In all cases, however, your grade is determined by your numerical score on the above components and where the lines are drawn. Grades for undergraduates will be computed in the same way, except that the highest score obtained by an undergraduate is used as the normalized maximum. In case there are only one or two undergraduates in the course, the normalized maximum score will be computed as a percentage of the maximum score obtained by anyone in the course.
3 Academic Conduct Expectations
We expect each student to act honestly and to do his or her own work. We don’t mind if you help each other with understanding the material; in fact, it is encouraged. However, anything that you turn in—homework, examinations, projects—must be your own work, composed and written by you without looking at others’ work. You are required to sign and turn in a statement indicating that you have read and understood the relevant portions of the “U.K. Student Rights and Responsibilities” document. NOTE WELL: Students are expected to act ethically with respect to the material they learn. In particular, you may learn methods that could be used to cause harm to others. Any such use of the material in this course will be dealt with as the most serious form of academic misconduct.
4 Topical Outline
The content of the course is organized according to the following general outline:
1. Legal Context
2. Computer Background
3. Investigative Procedures and Tools
4. Case Studies and Ethical Issues
The following lecture schedule is approximate, and is subject to change. In the following, “Ch. n” refers to Chapter n of the text Digital Evidence and Computer Crime, second edition, by Eoghan Casey. You should read these chapters in advance of the indicated lecture.
Lect. #  Date    Topic                                          Reading
0        27 Aug  Intro to the course; Legal background
1        1 Sep   Overview of Computers and Crime                Ch. 1–2
2        3 Sep   Technology and Law                             Ch. 3
3        8 Sep   Cybercrime threats and prevention
4        10 Sep  Investigation and Investigative Units          Ch. 4
5        15 Sep  Evidence recovery Lab
6        17 Sep  Distinguished Lecture by Bruce Schneier
7        22 Sep  Legal Reqs and Digital Evidence—Procedures     Ch. 5, 7
8        24 Sep  Legal Reqs and Evidence—Tools and Experts
9        29 Sep  Legal Reqs—Warrants and the 4th Amendment
10       1 Oct   Internet Crime/Lab time                        Ch. 10–12
11       6 Oct   Countermeasures                                Ch. 14–15
12       8 Oct   TBD
13       13 Oct  Midterm examination
14       15 Oct  Midterm handback/TBD
15       20 Oct  Policy Issues
16       22 Oct  Setup Case study exercise
17       27 Oct  Case study exercise
18       29 Oct  Case study exercise
19       3 Nov   Project handouts
20       5 Nov   Privacy issues
21       10 Nov  Guest lecture (Spernow) talk/Q&A
22       12 Nov  Lab/Tools                                      Ch. 19
23       17 Nov  More Privacy
24       19 Nov  Ethical issues/Decisionmaking
         24 Nov  No Class
         26 Nov  Thanksgiving Holiday — no class
25       1 Dec   TBD
26       3 Dec   Project presentations
27       8 Dec   Project presentations
28       10 Dec  Project presentations
Friday, 18 December, 3:30-5:30 — Final Examination Period