TCMG 515-6T1 - CYBER SECURITY FORENSIC ANALYSIS & INVESTIGATIONS
University of Bridgeport
Spring, 2017 Semester
Section 6T1 - 6:15pm - 8:45pm
January 17, 2017 – May 5, 2017
Mandeville Hall - Room 203

Alan M. Dressler; University of Bridgeport CTech IncUBator, 250 Myrtle Avenue, Suite 101; 203-650-3722; email: alan@. Office Hours: As posted on my office door or by appointment.

Student Honor Code: As a UB student, I take personal responsibility for emulating the highest values and ethical norms: my work is my own and reflective of my best efforts and abilities.

COURSE SYLLABUS

Course Description and Approach: Computer forensics, now commonly called “cyber security forensics,” has been a professional field for many years. But the growth of the Internet and the worldwide proliferation of computers (including networks, wireless devices, etc.) have increased the need for cyber security investigations. Computers can be used to commit industrial espionage, and crimes can be recorded on computers, including company policy violations, computer embezzlement, e-mail harassment, leaks of proprietary information, and even terrorism. Law enforcement, network administrators, attorneys, and private investigators now rely on the skills of professional cyber security forensic experts to investigate criminal, civil and terrorist activities.

This course introduces students to the fundamental principles and topics of Cyber Security Forensic Analysis and Investigations. Students learn critical forensic principles, methodology and tools that enable them to plan, develop and perform investigations and analysis. This course addresses hardware, software, wireless devices, processes, communications, applications, policies, procedures and legal implications to help identify intrusions.

Course Learning Objectives: The course learning objectives are:
• To identify the skills of cyber forensic investigators and describe the major types of cyber crime.
• To identify and investigate cyber crime vulnerabilities, exploitations and incidents of intrusion.
• To identify the investigation process and the major cyber crime areas.
• To identify investigator’s tools and appropriate responses to cyber criminal activities.
• To understand the law with regards to the investigation and prosecution of cyber criminals and other offenders.
• To identify appropriate law enforcement and organizational strategies to both prevent and control cyber crime and intrusions.
• To understand investigator’s tools and perform basic cyber forensic “Hands on Projects.”

Required Course Textbook and Supplementary Materials: Nelson, Bill, Phillips, Amelia, and Steuart, Christopher, Guide to Computer Forensics and Investigations (with DVD), 5th Edition, Course Technology (2015). ISBN-13: 9781285060033

The UB book distribution system is for you to order the books on line at or at the UB Bookstore on the main campus.

Supplementary Materials:
• The Lab Connection - Virtual hands-on labs, the Lab Connection product suite will provide the student with the skills necessary to succeed not only at the exam but also professionally. Whether new to the field or a seasoned professional, the Lab Connection user will gain a level of hands-on real life experience not possible using texts exclusively.
• SANS Institute is the most trusted and by far the largest source for information security training and security certification in the world.
• InfoSec Institute - Founded by a team of information security instructors. Their goal was to build a business by offering the best possible training experience for students.

(5) Case Studies:
• The InfoSec Institute - Study: Computer Forensics Investigation, Edmand Dester Thipursian, 2014
• SANS Institute - Study: Critical Controls that Sony Should Have Implemented, Gabriel Sanchez, 2015
• Study: Minimizing Damage From J.P. Morgan’s Data Breach, Allen Jeng, 2015
• Study: The Home Depot Data Breach, Brett Hawkins, 2015
• Study: There’s No Going it Alone: Disrupting Major Cyber Crime Rings, John Garris, 2015

Forensics Software - Freeware
Three digital forensics programs are supplied with the textbook. In addition, there are projects using the following software, most of which can be downloaded from the Internet as freeware, shareware, or demo versions:
• DEFT: Download from . This virtual appliance currently works only with Ubuntu 12.04.
• Device Seizure: Download from
• Facebook Forensics: Download from
• HexWorkshop: Download from Breakpoint Software at .
• IrfanView: Download from
• Kali Linux: Download the ISO image from .
• OpenOffice (includes OpenCalc): Download from openof?.
• Oxygen Forensics: Register at en/ to get a code for downloading. You must use a business e-mail address or one ending in .edu. Oxygen doesn’t respond to free Web-based e-mail addresses, such as Yahoo! or Gmail.
• PsTools: Download from .
• SecureClean: Download from ConsumerSecureClean.
• SIMManager: Download from products/card_management/sim_manager.
• Sleuth Kit 2.08 and Autopsy Browser 2.07 for Linux and Autopsy Browser 3.1 for Windows: Download from .
• S-Tools4: Download from orzip/q764vcPu/s-tools4.htm.
• VirtualBox: Download from wiki/Downloads.
• Wireshark: Download from .
• Teel Technologies: CD Hand out

Recommended Sources for Reports:
• EForensics Magazine
• International Journal of Cyber-Security and Digital Forensics
• Journal of Digital Forensics, Security and Law
• International Journal of Cyber Criminology
• International Journal of Forensic Computer Science
• SANS Institute
• InfoSec Institute - - Provides world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally.

Cyber Security Organization memberships:
• The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration. This group supports the cybersecurity educational programs of academic institutions, inspires career awareness and encourages creative efforts to increase the number of underrepresented populations in the field.
• ISACA. As an ISACA student member, you will join a community of students from more than 300 universities worldwide. Your student membership will give you the knowledge and tools to develop your professional identity. You'll make connections with people who work in your target field, plus those who hire for the positions you seek.
• is the online hub of a collaborative community working to attract, nurture and promote the regions’ tech talent through an array of impactful programs, community development, and events while leveraging Fairfield County’s thriving urban centers and renowned lifestyle on Long Island Sound. CT Tech employment opportunities listed.

Reading:
• Lowry, Lois, The Giver, Houghton Mifflin Harcourt Publication (2014). ISBN-13: 9780544336261
• Coelho, Paulo, The Alchemist, HarperCollins Publication (2014). ISBN-13: 9780062315007
• Orwell, George, 1984, Penguin Publishing (1950).
ISBN-13: 9780451524935

Course Requirements:

Class Attendance, Participation, Punctuality, Cheating and Plagiarism: Attendance at each class session is expected. Class lectures complement, but do not duplicate, textbook information. Together the students and instructor will be creating a learning organization. Students are expected to be on time for class. A significant portion of your learning will accrue through the constructive and respectful exchange of each other’s ideas (including mine!) and search for alternative solutions. You must be actively engaged in class discussions to improve your thinking and communication skills. Cheating and plagiarism are absolutely unacceptable in any guise. If I catch you cheating or plagiarizing, I will warn you once. The second offense will result in an “F” for the course. Cheating and plagiarizing means using the work of others as your own. Copying homework, using papers from the Internet, any talking or looking around during exams and allowing others to look at your exam papers are examples of cheating.

Be certain that your travel arrangements do NOT conflict with any of your team or individual presentations. As a UB policy, for a three credit course it is expected that each student that attends one hour of classroom instruction will require a minimum of two hours of out of class student work each week for approximately fifteen weeks for one semester.

Preparation, Deadlines and Late Policy: Late assignments will be penalized 20% for each class day past the deadline. No excuses will be accepted. Don’t wait until the last minute to print out your assignment. Do not email me late homework assignments.

Homework: The syllabus identifies both the oral and written homework assignments. Each assignment that states “written” should be typed and only one or two pages long. It will be collected at the end of class so that you may refer to it during class discussions.
Homework is important and represents a key component of your grade.

Current News: Each student will be required to bring in and orally review news articles relating to the topic assigned for the class meeting. These will be collected. Suggested sources include: Wall Street Journal, New York Times, Time, EForensics Magazine, the International Journal of Cyber-Security and Digital Forensics, the Journal of Digital Forensics, Security and Law, the International Journal of Cyber Criminology, the Internet and other relevant sources.

Cases: All students will complete five (5) written cases (as per class schedule below). For each assigned case, prepare a 1-2 page typed double-spaced (12 point font) response. Each case study will require you to:
• Summary - Summarize the key issues and facts of the case
• Questions - Answer the questions associated with the case.
• Recommendations - Make recommendations based on the facts and your experience
• Lessons Learned - Identify lessons learned
• Identify one question on the case that you would like to have discussed in class
Important: Make sure case format covers all five points above in separate headlines and each question is answered separately!

Team Presentation: Group Project
Your team of investigators is hired by (choose one): any Fortune 500 Company, the FBI, a large metropolitan Hospital, a Nuclear Energy Facility, a Water Company, any Transportation Company, a large University, a big box Retail Company, a Shopping Mall, the NFL, or any national Airline after a publicized cyber-attack. Describe and detail your approach, strategy to secure data, legal issues, and ethical tactics, dealing with the hacker’s demands, PR strategy and security updates. Also, create a strategy to locate the exact source, location and date of the intrusion. Report security risk assessments, vulnerabilities and contingencies.

During the first class session, teams will be formed.
Each team will be responsible for developing a cyber forensic strategy for a “client” that is under cyber-attack (in PowerPoint format only). In addition, the team will orally present this plan to the class. Two presentations are required, together with a hardcopy of only the final presentation in PowerPoint (see part 2 below) for the instructor prior to the team making the oral presentation.

Suggested Sections of Presentations include:

Outline

Welcoming and Informative Introduction:
The introduction is the point at which the presenter explains the content and purpose of the presentation. This is a vitally important part of your talk as you will need to gain the audience’s interest and confidence. Key elements of an effective introduction include:
• A positive start: “Good afternoon, my name is Adam and …”;
• A statement of what will be discussed: “We are going to explore …”;
• A statement of the treatment to be applied to the topic (e.g. to compare, contrast, evaluate, describe): “We will be describing the four main principles of …”;
• A statement of the outcomes of the presentation: “We hope this will provide…”;
• A statement of what the audience will need to do (e.g. when they can ask questions or whether or not they will need to take notes): “I will pass round a handout that summarizes my presentation before taking questions at the end.”
You should aim to deliver your introduction confidently (wait until the audience is quiet before you start speaking) and communicate energy and enthusiasm for your topic.

Coherent series of main points presented in a logical sequence:
The main points are the backbone of your talk. They play an important role in helping your team prioritize, focus and sequence your information. When planning your presentation you should put aside your research notes and produce a list or summary of the main points that you would like to make, expressing each in a few words or a short sentence. Ask yourself: “what are we really telling them? what should they be learning here?” Your answers to these questions will help you communicate clear and effective messages to your audience.

After you have identified your main points, you should embellish them with supporting information. For example, add clarity to your argument through the use of diagrams, illustrate a link between theory and practice, or substantiate your claims with appropriate data. Use the supporting information to add color and interest to your talk, but avoid detracting from the clarity of your main points by overburdening them with too much detail.

Purposeful Conclusion:
The conclusion is an essential though frequently underdeveloped section of a presentation. This is the stage at which you can summarize the content and purpose of your talk, offer an overview of what has been achieved and make a lasting impact. Important elements of a conclusion are:
• A review of the topic and purpose of your presentation: “In this presentation we wanted to explore …”;
• A statement of the conclusions or recommendations to be drawn from your work: “We hope to have been able to show that the effect of ....”;
• An indication of the next stages (what might be done to take this work further?): “This highlights the need for further research in the area of …”;
• An instruction as to what happens next (questions, discussion or group work?): “We would now like to give you the opportunity to ask questions …”;
• A thank you to the audience for their attention and participation: “That’s all we have time for. Thank you very much for listening.”
As with your introduction, you should try to address the audience directly during your conclusion, consolidating the impression of a confident and useful presentation.

(PowerPoint presentation only, no paper is due). The Instructor will distribute a rubric which will be used to evaluate the team results and determine the team grade.
Each team member will be asked to evaluate the contributions of each team member on his/her team that may affect the individual student’s team grade.

Individual Term Paper – You are the digital forensics investigator for one of the following organizations (choose one): any Fortune 500 Company, the FBI, a large metropolitan Hospital, a Nuclear Energy Facility, a Water Company, any Transportation Company, a large University, a big box Retail Company, a Shopping Mall, the NFL, or any national Airline. A cyber “activist” group has just notified your legal department and the Associated Press that they have stolen a tremendous amount of “confidential” information from your servers and cloud storage. What will you do? Describe and detail your response, strategy to secure data, legal issues, and ethical tactics, dealing with the demands, PR strategy and security updates. Also create a strategy to locate the exact source, location and date of the intrusion (use your instructor’s outline provided as a reference).

Each paper will be typed double-spaced in 12-point font and is expected to range from 14 to 16 pages long. All papers must have a table of contents and a reference section. Please spell check and page number your work. Each student is required to orally summarize his/her term paper in 5 - 6 minutes (4 PowerPoint or overhead slides). The paper and oral summary will be due on the last class day of the term.

Factors on which the term paper will be graded:
• A well-organized Table of Contents that is followed throughout the analysis, including page numbers, is required.
• A comprehensive bibliography of sources (references) used must be appended at the end of the paper. It is anticipated that the length of the bibliography will correlate with the grade assigned. A web site used as a reference must contain the source document name of the author, title of the article or book or other source and date created.

Individual Research Paper Grading Rubric.
Use this rubric as a checklist when writing and proofreading your papers. It depicts how I will evaluate your submission.

Course Grading:
Class Participation, Attendance & Current Events (News) | 10%
5 Case Analysis & Homework | 20%
Team Project & Presentation | 25%
Written Term Paper & Oral Summary | 25%
Exam (Mid-Term) | 20%
Total | 100%

Letter Grade | Percentage
A | 94.9 – 100%
A- | 90 – 94.8%
B+ | 87 – 89.9%
B | 83 – 86.9%
B- | 80 – 82.9%
C+ | 77 – 79.9%
C | 73 – 76.9%
C- | 70 – 72.9%
D+ | 67 – 69.9%
D | 63 – 66.9%
D- | 60 – 62.9%
F | Below 60%

Cyber Forensics Investigations - Schedule – Spring 2017 – 15 Weeks

# | Date | Assignment
1 | 1/17/17 | Course Introduction; Understanding the Digital Forensics Profession and Investigations – Chapter 1; Chapter 1 Hands On Project 1-1 and Virtual Lab #1; Form Project Teams; Group Assignment: Team Membership Roles
2 | 1/24/17 | The Investigator’s Office and Laboratory – Chapter 2; Chapter 2 Hands On Project 2-1 and Virtual Lab # 2; News (Bring in & review a News article on a relevant topic); Homework Due – Report: Why is Cyber Security Important? Provide Examples.
3 | 1/31/17 | Data Acquisition; Chapter 3 Hands On Project 3-1 and Virtual Lab # 3; Homework Due - Case 1 - Computer Forensics Investigation
4 | 2/7/17 | Processing Crime and Incident Scenes; Chapter 4 Hands On Project 4-1 and Virtual Lab #4; Working with Windows and CLI Systems – Chapter 5; Chapter 5 Hands On Project 5-1 and Virtual Lab #5; News (Bring in & review a News article on a relevant topic); Homework Due - Case 2 - Critical Controls that Sony Should Have Implemented
5 | 2/14/17 | Current Digital Forensics Tools - Chapter 6; Homework Due - Case 3 - Minimizing Damage From J.P. Morgan’s Data; Virtual Lab #6
6 | 2/21/17 | Part 1 – Interim Team Presentations – Each team will elect one spokesperson to make the presentation for Part 1
7 | 2/28/17 | Linux and Macintosh File Systems - Chapter; Virtual Lab #7; Exam
8 | 3/7/17 | Recovering Graphics Files - Chapter; Virtual Lab #8; Digital Forensics Analysis and Validation - Chapter; Virtual Lab #9; Team Project Presentations; Homework Due - Case 4 - The Home Depot Data Breach
9 | 3/14/17 | Spring Break
10 | 3/21/17 | Virtual Machine Forensics, Live Acquisitions, and Network Forensics - Chapter; Virtual Lab #10; E-mail and Social Media Investigations - Chapter; Virtual Lab #11; Team Project Presentations; Homework Due - Case 5 - There’s No Going it Alone: Disrupting Major Cyber Crime Rings
11 | 3/28/17 | Mobile Device Forensics – Chapter; Virtual Lab #12; Cloud Forensics - Chapter; Virtual Lab #13; Team Project Presentations
12 | 4/4/17 | Report Writing for High-Tech Investigations - Chapter; Virtual Lab #14; Expert Testimony in Digital Investigations - Chapter; Virtual Lab #15; News (Bring in & review a News article on a relevant topic)
13 | 4/11/17 | Summary, Lessons Learned & Student Introspection Plan; Homework Due: Report: Careers in Cyber Security in CT, NY and International jobs. Who are the Employers? Where to look for jobs? What skills are needed?
14 | 4/18/17 | Individual Term papers Due with Oral Presentations
15 | 4/25/17 | Final Oral Presentations
16 | 5/2/17 | Final

As of 12/01/17