The knowledge of computer and network forensics has become
essential in securing today's network-centric computing environment.
This new course will give students both the fundamental
knowledge of and hands-on practice in computer and network forensics.
The added exposure to forensics will enhance the marketability of
our students and serve the students who carry the skills and
knowledge forward into their future careers.
Upon completing this course, the students are expected to
understand the basics of computer and network forensics, to be
well-trained as next-generation computer crime investigators, and to
be prepared for active research at the forefront of these areas.
Computer and network forensics studies cyber-attack prevention,
planning, detection, response, and investigation, with the goals of counteracting
cybercrimes and holding the responsible persons/groups
accountable. The topics covered in this course include fundamentals
of digital forensics, forensic duplication and
analysis, network surveillance, intrusion detection and response,
incident response, anti-forensics techniques, anonymity and pseudonymity, cyber law, computer
security policies and guidelines, court report writing and
presentation, and case studies. Course projects will be
done using the licensed toolkits and equipment in the NSF-funded Cyber Forensics Lab at Coover 3223.
The course will consist of three course
projects (i.e., machine problems), two exams, and one term paper. We will have a small
number of homework assignments, demonstrations (on your course
projects), and presentations. The students will:
- Write an 8-page (double-column, single-spaced) term
paper, including defining a specific problem, surveying existing
work, developing a (better) solution, and evaluating your
results. A list of selected topics/problems will be provided. You
are also welcome to propose your own.
- Learn to use and evaluate digital forensic toolkits and write reports on
- Give demos and/or presentations on projects, and term
Module I: Digital Forensics: An Overview
Module II: Forensics Basics and Criminalistics
Module III: Basics of OS and Networking: A Review
Module IV: Advanced Topics in Computer and Network Forensics
Forensic Modeling and
Forensics Tools and the Testing Thereof
Traceback and Attribution
Module V: Intrusion and Online Frauds Detection
Cryptocurrency and Blockchain
Module VII: Steganography & Steganalysis
Module IX: Cyber Law, Security and Privacy Policies and Guidelines
Module X: Case Studies, and ethical issues
Module XI: Court Testimony and Report Writing Skills
There will be no textbooks. Most readings are from
the lecture notes and papers published in recent years from top security/forensics conferences/workshops or journals,
reference books, and related Internet web sites. Two reading lists
will be given. The required reading list has 30-35 papers, and the
suggested reading list includes 130+ papers published within the
last 10 years. The following is a list of reference books:
- Bruce Middleton, Cyber Crime Investigator's Field Guide,
Boca Raton, Florida: Auerbach Publications, 2001, ISBN
- Brian Carrier, File System Forensic
Analysis, Addison-Wesley, 2005, ISBN 0-321-26817-2.
- Chris Prosise and Kevin Mandia, Incident Response:
Investigating Computer Crime, Berkeley, California:
Osborne/McGraw-Hill, 2001, ISBN 0-07-213182-9.
- Warren Kruse and Jay Heiser, Computer Forensics: Incident
Response Essentials, Addison-Wesley, 2002, ISBN
- Stephen Northcutt, Mark Cooper, Matt Fearnow, and Karen
Frederick, Intrusion Signatures and Analysis,
Indianapolis, Indiana: New Riders, 2001, ISBN 0-7357-1063-5.
- Rebecca Gurley Bace, Intrusion Detection,
Indianapolis, Indiana: Macmillan Technical, 2000, ISBN
- Edward Amoroso, Intrusion Detection: An Introduction to
Internet Surveillance, Correlation, Trace Back, Traps, and
Response, Intrusion.Net Books, 1999, ISBN 0-9666700-7-8.
- Ross Anderson, Security Engineering: A Guide to Building
Dependable Distributed Systems, John Wiley & Sons, 2001,
- Alberto Leon-Garcia and Indra Widjaja, Communication
Networks: Fundamental Concepts and Key Architectures, First
Edition, McGraw-Hill Companies, Inc., 2000, ISBN 0-07-022839-6.
Lecture slides and notes can be accessed through
The required and suggested reading lists can be accessed through
Useful On-line Resources:
Scientific Working Group on
International Journal of Digital
Department of Defense Computer
Digital Forensics Research Workshop
National White Collar Crime Center
Department of Justice CCIPS
International Organization on Computer
High Tech Crime Investigators
UK National High Tech Crime Unit
University of Central
Florida Digital Evidence Site
Seminal papers at
Computer Security Archives Project at UC, Davis
Committee on National Security Systems page (NSTISSI standards)
CprE 308 and 489, or at least
familiarity with basic concepts in operating systems and networking.
Grading will be on the absolute scale. The cutoff for an 'A' will
be at most 90% of total score, 80% for a 'B', 70% for a 'C', and 60%
for a 'D'. However, these cutoffs might be lowered at the end of the
semester to accommodate the actual distribution of grades.
Mid-term & final exam:
Course projects: 30%
Presentations and demos:
and/or short surveys on selected DF topics: 3%
Term papers: 25%
Attendance and participation in
class discussions: 3%, Bonus points (for on-campus students
- All incidents of academic dishonesty will be dealt with
according to the university policy. No exceptions.
All references must be properly cited, including
internet web pages (URL must be provided). If plagiarism is
detected, i.e., work used without proper citation and quotation, you will
automatically receive an F. When in doubt, please ask
the instructor if it is reasonable to include others' work in
- We welcome active participation and discussions about the topics/materials covered in the class.
- Due dates for term papers and course projects are hard: no
late hand-in will be accepted unless you have a reasonable
excuse. However, over the whole semester, you can take at most
one no-reason three-day extension.
Dr. Yong Guan, Department of Electrical and Computer Engineering,
Iowa State University, Ames, IA 50011. Office: Coover 3216. Email:
(515) 294-8378. Fax: (515) 294-8432.
Lecture: Tuesday & Thursday, 9:30-10:45am, Howe 1252.
Office Hours: Tuesday, 11:00-11:59am, Coover 3219.
For further information, please contact
Yong Guan (email@example.com) by email
or drop by office Durham 309.