CMPS 5443-4883: Computer Forensics

Summer semester 2010

Instructor: Dr. Nelson L. Passos
Office: Bolin Science Hall 126B
Office phone: 397-4129
Office Hours: MTWR    9:00 - 11:30 am
Class Hours:

MTWR  2:30 - BO 320

Course Description:

Study of techniques used to identify attacks to computer systems and recover data to be used as evidence in any sort of investigation. Includes an introduction to criminal forensics, evaluation of security flaws, network attacks, information hiding, protection tools. It also includes an introduction to PERL scripts and data communication.

Text book:

Windows Forensics and Incident Recovery, by Harlan Carvey (recommended)

Lecture Notes and Test Files:

CMPS 5443/4883-part 1

CMPS 5443/4883-part 2

CMPS 5443/4883-part 3

CMPS 5443/4883-part 4

CMPS 5443/4883-part 5

CMPS 5443/4883-part 6

CMPS 5443/4883-part 6a

CMPS 5443/4883-part 7

Data file

Tentative Agenda:

July                                                     August                                        Grading



Jul 5-    

Introduction to computer forensics - Ethics

Jul 6-    

Introduction to computer forensics - Fundamentals

Jul 7-

File Systems - Computer communication OSI and TCP/IP

Jul 8-

Computer communication OSI and TCP/IP

Jul 12-

Introduction to Perl

Jul 13-

Introduction to Perl

Jul 14-

Security incidents

Jul 15-

Hiding data

Jul 19-

Test # 1

Jul 20-

Hiding data

Jul 21-

Anticipating problems

Jul 22-

Some tools

Jul 26-

Rootkits and other clues

Jul 27-

Scanners and Sniffers

Jul 28-

Scanners and Sniffers

Jul 29-




Aug 2-


Aug 3-

Test # 2

Aug 4-

E-mail headers - Test review

Aug 5-



Tests: 20 % (each)
Assignments: 20 %
Presentation/reports: 20 %
Class Participation: 20 %

E-mail address:

Back to Dr. Passos Home Page