Host-Based Forensics

Course Number: 14-822

Department: Information Networking Institute

Location: Pittsburgh

Units: 12

Semester Offered: Spring

Host Based Forensics provides a systematic introduction to the field of digital forensics. The course aims to familiarize students with the forensic process and to apply forensic principles with many tools of the trade. Upon completion of the course, a student should feel confident in participating in a digital forensic investigation. This course focuses on the forensic process (planning, acquisition, analysis, reporting) as it relates to host system forensics. Class periods will consist of lecture and exercise.

Class format

Lecture and project-based

Home department

INI

Target audience

INI students

Background required

14-761 is a prerequisite.

Learning objectives

  • Understand and apply digital forensic and incident response processes to legal and security challenges posed by computer networks and software systems.
  • Assess computer hardware and software artifacts for forensic evidence required for legal and administrative investigations.
  • Demonstrate the application of host-based forensic tools and techniques to manage and assess networked, software, and distributed systems.
  • Recover, organize, and assemble forensic evidence from contemporary file systems.
  • Recover, organize, and assemble forensic evidence from volatile memory found in modern computers.
  • Recover organize, and assemble forensic evidence from mobile devices.
  • Summarize, explain, paraphrase, and report digital forensic analysis findings and recommendations via written and verbal communication techniques.
  • Construct a technical prototype or detailed policy recommendation that addresses an advanced research question related to the field of digital forensics.

Faculty and instructors who have taught this course in the past

Bill Reed