Computer Forensics
Institution: Rochester Institute of Technology (edX)
Date: May 24, 2017 - July 18, 2017
Bio: The first of a five part MicroMasters in Cybersecurity offered through RIT and edX. The course focuses on the art of Computer Forensics primarily form the point of view of Law enforcement and Criminal Investigation.
The course is paced over eight units which are primarily split between Linux and Windows systems. Each unit has 40-50 minutes worth of videos with some ungraded engagement questions. Each week also includes an ungraded lab session where they walk you through using some of the freely available forensic tools on a system to see how they work. The end of the week has a two attempt multiple choice graded quiz which make up the only assessments for the course.
Most of the course is focused around the context of recovering and analyzing data from computers to be used in a criminal investigation. It assumes the computer owner is an adversary and may be intentionally trying to hide information to varying degrees of technical sophistication. In that respect the instructor stresses the concepts of making sure to not alter the source machine, maintain chain of evidence, and keep proper documentation of the process.
The general pattern for both Linux and Windows is first they will talk about how you obtain information from the system. This includes recovering deleted files, properly making a copy of all partitions; and gathering volatile data from running machines such as memroy, current running processes, and network connections. Next they discuss the various file systems of that particular operating systems, how file information is stored or deleted, and in the case of windows how the Registry system works in detail. Finally they talk about how to analyze the data once you collect it.
All the while they introduce various tools for either the collection or analysis phase. They will mention several of the existing commonly used products as well as running through a demo so you can see how they work in practice.
The other two weeks in the course are spent introducing forensic fundamental basics at the start of the course, and introducing the concept of Steganography or hidden information in image or audio files.
This course was refreshing after the previous Cybersecurity Fundamental course, as Computer Forensics includes a lot more practical and usable information for computer security. My only complaint is that the lab isn't part of the graded material. The multiple choice quizzes simply are not that good of an assessment or reinforcement mechanism.
They already went to the trouble of creating the labs, providing files or VM's to experiment on, and creating ungraded assessment questions for their completion. It just seems like a lost opportunity to ensure students complete a practical execution of the courses material and raise the standard for what completing the course actually means. On the other hand, they might have decided not to grade the labs since they only focus on one of the several available tools for each task.
Overall the course was well structured, clearly presented, and refreshingly practical.
Accomplishments: Completed the course with a grade of 100% on all of the quizzes.