A Model and Guide for an Introductory Computer Security Forensics Course

This paper discusses the critical need for instructors to bring aspects of computing forensics into Information Technology courses and posits that we make computer forensics a course—or a major portion of a course—offered under the auspices of IT security across all IT-related disciplines, but especially those with a business orientation. To facilitate computer forensics implementation in IT courses, the authors briefly discuss the major aspects of computer forensics, such as legal investigations and policy formation. The authors primarily focus on aspects that most IT students will be involved in during this process: collection, logging, verification, and preservation of electronic evidence needed by investigators. Topics include both managerial and technical aspects. Students learn how to develop investigative documentation and study chain of custody documents. They also learn how to safely handle hardware to capture, examine, and preserve disk images, analyze system log files, and find hidden and deleted files.