CO | K level | PO1 | PO2 | PO3 | PO4 | PO5 | PO6 | PO7 | PO8 | PO9 | PO10 | PO11 | PO12 | PSO1 | PSO2 | PSO3 |
K level | | K3 | K4 | K5 | K5 | K6 | - | - | - | - | - | - | - | K5 | K3 | K6 |
CO1 | K2 | 2 | 2 | 1 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 2 | 1 |
CO2 | K3 | 3 | 2 | 2 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 2 | 3 | 1 |
CO3 | K3 | 3 | 2 | 2 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 2 | 3 | 1 |
CO4 | K2 | 2 | 2 | 1 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 2 | 1 |
CO5 | K3 | 3 | 2 | 2 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 2 | 3 | 1 |
Score | | 13 | 10 | 8 | 0 | 5 | 5 | 0 | 5 | 0 | 0 | 0 | 0 | 8 | 13 | 5 |
Course Mapping | | 3 | 2 | 2 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 2 | 3 | 1 |
L | T | P | C |
3 | 0 | 0 | 3 |
- Almost the same as AU
- The changes are listed below.
- Unit-1: AU-Unit I included.
- Unit-2: AU-Unit I topics included; AU-Unit I data acquisition topics are elaborated.
- Unit-3: AU-Unit II topics included; AU-Unit III topics included.
- Unit-4: AU-Unit III topics included
- Unit-5: New tools topics included. Ethical hacking given in AU-Unit IV in SNU syllabus and V is not included in SNU.
- Not Applicable
- Five Course outcomes specified and aligned with units
- Not Applicable
- Did not include Kali Linux or Metasploit tools, as they are penetration testing tools to detect the vulnerabilities.
- To learn computer forensics and understand incident response
- To know the methods to collect and store digital evidence
- To understand the approaches to analyse and validate data
- To investigate network and mobile forensic data
- To be familiar with forensics tools.
UNIT I | INTRODUCTION TO COMPUTER FORENSICS | 9 |
Understanding Computer Forensics; Introduction to the Incident Response Process; Preparing for Incident Response: Overview of pre-incident preparation – Identifying risk – Preparing individual hosts – Preparing a network – Establishing appropriate policies and procedures – Creating a response toolkit – Establishing an incident response team.
UNIT II | DATA ACQUISITION | 9 |
After Detection of an Incident: Initial response phase – Incident notification procedure – Recording the details – Incident declaration – Assembling the CSIRT – Traditional investigative steps – Conducting interviews – Response strategy; Data Acquisition: Storage formats – Best acquisition method – Image acquisitions – Acquisition tools – Validating data acquisitions – RAID data acquisitions – Remote network acquisition tools.
UNIT III | ANALYSIS AND VALIDATION | 9 |
Processing Crime and Incident Scenes: Identifying digital evidence – Private sector IS – Processing law enforcement CS – Search – Securing CS – Seizing – Storing – Digital hash – Reviewing a case; Working with Windows and DOS Systems: Examining NTFS disks; Computer Forensics Analysis and Validation: Data to collect and analyze – Validating – Data hiding techniques – Remote acquisition.
UNIT IV | NETWORK AND MOBILE FORENSICS | 9 |
Network Forensics: Developing standard procedures for network forensics – Using network tools; E-mail Investigations: Understanding e-mail servers – Using specialized e-mail forensics tools; Cell Phone and Mobile Device Forensics: Understanding mobile device forensics – Understanding acquisition procedures for cell phones and mobile devices.
UNIT V | COMPUTER FORENSIC TOOLS | 9 |
The Investigator’s Office and Laboratory: Understanding forensics lab certification requirements – Determining the physical requirements for a computer forensics lab; Computer Forensic Tools: EnCase – Helix – FTK – Autopsy – Sleuth Kit forensic browser – FIRE – Foundstone Forensic Toolkit – WinHex – Linux and other open source tools; Case Study: Banking Industry Executive Level Financial Fraud.
Total Periods: 45
After the completion of this course, students will be able to:
- Understand the preparation of incident response (K2)
- Apply data acquisition techniques (K3)
- Analyze and validate forensics data (K3)
- Understand network and mobile forensics (K2)
- Use forensics tools (K3).
- Chris Prosise, Kevin Mandia, “Incident Response and Computer Forensics”, 2nd Edition, McGraw-Hill 2003.
- Nelson, Phillips, Enfinger, Steuart, “Computer Forensics and Investigations”, Cengage Learning, India Edition, 2008.
- Dhillon G, “Principles of Information Systems Security”, John Wiley & Sons, 2007.
- Whitman M E, Mattord H J, “Principles of Information Security”, 3rd Edition, Thomson Course Technology, 2009.
- John R Vacca, “Computer Forensics”, Cengage Learning, 2005.
- Marjie T Britz, “Computer Forensics and Cyber Crime: An Introduction”, 3rd Edition, Prentice Hall, 2013.
- Marcella Jr, Albert, and Doug Menendez, “Cyber Forensics: a Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes”, Auerbach Publications, 2007.
- https://evestigate.com/Case_Studies/Case%20Study%20Banking%20Industry%20Finacial%20Fraud%20by%20Board%20Member%20Director%20CFO.pdf