This course covers the all technical, legal, and law enforcement aspects of digital forensics. The course covers following topics:

• Real world incidents (why do we need forensics)
• Incident response process
• Preparing for incidence response (building a forensic ready infrastructure)
• After detecting an incident
• Live data collection from Windows
• Live data collection from Unix
• Forensic duplication (copying harddrives)
• Network based evidence
• Evidence handling
• Computer storage fundamentals
• Data analysis techniques
• Investigating windows systems
• Investigating Unix systems
• Analyze network traffic
• Investigate hacker tools
• Investigate routers
• Writing forensic reports

Announcements LAB SCHEDULE 2005-02-01: Lab-0: Disk Forensics (Warmup) was uploaded into Homework section 2005-01-26: Module-1: Introduction was uploaded into Lecture section 2004-05-10: Module-11: File Systems was uploaded into Lecture section 2004-04-19: Module 10: EnCase Workshop was uploaded into Lecture section 2004-04-12: Module 9: Disk Forensics Tools (cont...) was uploaded into Lecture section