ITOP 2412: Computer Forensics for the First Responder
Effective date
September 2021
School
Continuing Studies
Description
This course covers the conceptual and technical skills a first responder needs for forensic investigation. Students will learn about the rules of engaging in a forensic examination, including areas such as liturgical and non-liturgical forensic examination, abuse issues, intrusion management, profiling, and privacy issues. Students will also learn about computer forensics and investigation as a profession.
This course will utilize some of the concepts learnt in the ITOP 2305: Encryption, Public Key Infrastructure Architecture and Administration course. Skills gained in this course can be applied towards fields involving law enforcement, legal processes, report writing for high-tech investigations, and ethics and codes for expert witnesses.
Year of study
2nd Year Post-secondary
Course Learning Outcomes
Upon successful completion of this course, students will be able to:
- Describe the preparation process for computer investigations and explain the differences between law enforcement agency and corporate investigations
- Identify procedures for corporate high-tech investigations
- Explain ways to determine forensic acquisition methods
- Discuss methods for validating and testing computer forensics tools
- Describe primary concerns in conducting forensic examinations
- Identify tasks for investigating e-mail crimes and policy violations
- Recognize the Code of Ethics for expert witnesses
Prior Learning Assessment & Recognition (PLAR)
None
Hours
Lecture, Online, Seminar, Tutorial: 36
Total Hours: 36
Instructional Strategies
Students will engage with the material through a combination of interactive learning methods, such as hands-on activities, case studies, simulations, group work/discussions, demonstration and troubleshooting of problem-based tasks, projects, and exams.
Grading System
Letter Grade (A-F)
Evaluation Plan
| Type | Percentage | Assessment activity |
| --- | --- | --- |
| Assignments | 15 | Case Study |
| Assignments | 30 | Two to five assignments |
| Quizzes/Tests | 20 | Two to four quizzes |
| Final Exam | 35 | All chapters |
Course topics
- Computer forensics and forensic resources
- Conduct, approach, and procedures
- Understanding data recovery workstations and software
- Conducting an investigation
- Forensics lab certification requirements, including physical and storage requirements
- Data acquisition methods and validation
- Forensic acquisition tools, including remote network acquisition
- Digital evidence - identifying, collecting, processing, securing, seizing, storing
- File systems, disk encryption, Windows registry, startup tools and tasks, virtual machines
- Forensic software and hardware tools
- File systems, disk structures, and boot processes, including for Mac, Linux, Unix operating systems
- Data compression
- File formats, including graphic files
Learning resources
Guide to Computer Forensics and Investigation by Bill Nelson, Amelia Phillips, and Christopher Steuart
Notes:
- Course contents and descriptions, offerings and schedules are subject to change without notice.
- Students are required to follow all College policies including ones that govern their educational experience at VCC. Policies are available on the VCC website at: https://www.vcc.ca/about/governance--policies/policies/.
- To find out if there are existing transfer agreements for this course, visit the BC Transfer Guide at https://www.bctransferguide.ca.