Instructor: Randolph Langley
Email: langley@cs.fsu.edu
Office: 410C Love Building
CIS4385 meets at 4:50PM - 6:05PM on Tuesday and Thursday in HWC2400.
My in-person office hours are on Wednesdays; there are two sessions, the first from 11:00 to 12:00, and the second from 12:30 to 2:00.
If these are not convenient, or if you would like to meet using alternative means, then please contact me so that we can schedule a meeting in a different venue or format. Please send email to me at langley@cs.fsu.edu to schedule a meeting.
Additionally, while these are not official hours, you can also try visiting my office from 11:00am until 2:00pm on both Monday and Friday; while I cannot promise to be there all of the time, I will often be there and should be reasonably available if I am in the office during those hours.
http://www.cs.fsu.edu/~langley/CIS4385-2024-1/index.html
"Cybercrime activities leave a trail of incriminating evidence. In this course, students will focus on learning tools, techniques, and procedures for detecting cybercrime and analyzing collected data related to past and ongoing cyber offenses. The focus will be on forensic approaches that preserve the legal value of the collected evidence."
This is a technical class focused on detecting cybercrime and analyzing collected data. In particular, our aims will be to study both traditional "post-mortem" analysis and emerging "live" response techniques.
- Be able to distinguish between post-mortem analysis and live response.
- Be able to carry out post-mortem analysis using Linux and Microsoft platforms.
- Be able to carry out effective live response using Linux and Microsoft platforms.
- Understand the issues and differences in post-mortem analysis and live response for Unix/Linux platforms and with Microsoft platforms.
- Understand evidentiary issues in both cold and live analyses.
- Introduction to Digital Forensics and Cybercrime
- Technical Introduction to Windows
- Technical Introduction to Unix/Linux
- Windows Live Response: Collecting and analyzing data using Windows
- Unix/Linux Live Response: Collecting and analyzing data under Linux
- Windows Memory Analysis
- Windows Registry Analysis
- Windows File and filesystem analysis
- Unix/Linux File and filesystem analysis
- Windows Executable file analysis
- Unix/Linux Executable file analysis
Digital Forensics, Investigation, and Response, 4th edition, 2022, Chuck Easttom
Digital Archaeology, by Michael Graves, 2013. (Abbreviated DA in class materials.)
Digital Forensics for Handheld Devices, by Eamon P. Doherty. CRC Press, 2013. (Abbreviated DFHD in class materials.)
Computer Forensics: Cybercriminals, Laws, and Evidence, by Marie-Helen Maras. Jones & Bartlett, 2012. (Abbreviated CFCLE in class materials.)
Malware Forensics Field Guide for Windows Systems, by Cameron H. Malin, Eoghan Casey, and James Aquilina. Syngress, 2012. (Abbreviated MFFGWS in class materials).
Digital Forsensics with Open Source Tools, by Cory Altheide and Harlan Carvey. Syngress, 2011. (Abbreviated DFOST in class materials)
*Windows Forensic Analysis, 2nd Edition, by Harlan Carvey. Syngress, 2009. (This will be abbreviated as WFA in class materials.)
Malware Forensics, James Aquilina, Eoghan Casey, and Cameron Malin. Syngress, 2008. (This will be abbreviated as MF in class materials.)
*File System Forensic Analysis, by Brian Carrier. Addison-Wesley, 2005. (Abbreviated FSFA in class materials.)
Digital Evidence and Computer Crime, 2nd edition, by Eoghan Casey. Academic Press, 2004. (Abbreviated DECC in class materials.)
Information Warfare and Security, by Dorothy Denning. ACM Press, 1999. (Abbreviated IWS in class materials.)
Fighting Computer Crime, by Donn Parker. Wiley Computer Publishing, 1998. (Abbreviated FCC in class materials.)
Additionally, throughout the semester, I may add topical material, generally culled from recent news articles. I will add links to this material on the class home page.
ITEM |
POINTS |
Midterm #1: Thursday, February 8, in our regular classroom at our regular meeting time. |
25 |
Midterm #2: Thursday, March 21, in our regular classroom at our regular meeting time. |
25 |
Final Exam, 2 hours to complete. The final will be at 5:30pm-7:30pm in HWC2400 on Wednesday, May 1. |
25 |
Assignments |
25 |
TOTAL |
100 |
A | 90% - 100% |
B+ | 88% - 89% |
B | 80% - 87% |
C+ | 78% - 79% |
C | 70% - 77% |
D | 60% - 69% |
F | 0% - 59% |
Problem Solving Assignments
Please turn in assignments on time. No late submission will be accepted.
Attendance
Attendance at all class meetings is expected. Please extend courtesy in class by arriving on time, staying until dismissed, and refraining from food and drink.
Excused absences
Excused absences include illness, deaths in the immediate family and other documented crises, call to active military duty or jury duty, religious holy days, and official University activities. Accommodations for these excused absences will be made and will do so in a way that does not penalize students who have a valid excuse. Consideration will also be given to students whose dependent children experience serious illness.
Communication
You should check your electronic mail frequently for information about this course, as well as the class home page. You are also encouraged to use email to ask questions and report problems.
Academic Dishonesty
There is no group work in this class. All assignments must be done solely by you. Do not solicit help from your fellow students or from any other source.
Academic dishonesty will not be tolerated. Do not turn in other people's work as your own; this includes, but is not limited to, unattributed copying from web pages, other students' work, books, journals, or broadcast media. Citations and clear delineation of cited material as distinguished from your own original work is mandatory.
The Florida State University academic honor policy is at http://dof.fsu.edu/content/download/21140/136629/AHP2010Revision.pdf
Official FSU statement on the Academic Honor Policy:
ACADEMIC HONOR POLICY: The Florida State University Academic Honor Policy outlines the University's expectations for the integrity of students' academic work, the procedures for resolving alleged violations of those expectations, and the rights and responsibilities of students and faculty members throughout the process. Students are responsible for reading the Academic Honor Policy and for living up to their pledge to "... be honest and truthful and ... [to] strive for personal and institutional integrity at Florida State University."University ADA statement
ADA AMERICANS WITH DISABILITIES ACT: Students with disabilities needing academic accommodation should: (1) register with and provide documentation to the Student Disability Resource Center; and (2) bring a letter to the instructor indicating the need for accommodation and what type. This should be done during the first week of class. This syllabus and other class materials are available in alternative format upon request. For more information about services available to FSU students with disabilities, contact the: Student Disability Resource Center 874 Traditions Way 108 Student Services Building Florida State University Tallahassee, FL 32306-4167 (850) 644-9566 (voice) (850) 644-8504 (TDD) sdrc@admin.fsu.edu http://www.disabilitycenter.fsu.edu/Please advise me at your earliest convenience (within one week) if you have a disability that will require a reasonable accommodation for the successful completion of this course. Also, as indicated above, you should register with the and provide documentation to the Student Disability Resource Center, and provide me a letter indicating the need for accommodation and indicating what type.
Summary
If you are experiencing difficulty or are concerned about your progress, please speak with me immediately.