By Dennis Labossiere, August 2015
The Computer Forensics track is 2 semesters, 32 weeks and 4 classes long. In the Forensics track, you will learn Windows Forensic methodologies, RAM analysis, Prefetch folder parsing, Windows Event Log analysis, Web history, Recycle bin forensics, Registry analysis, Shadow copy forensics, Linux and Telecommunications forensics. By the end of the four courses, you will be able to conduct a forensic examination of a computer and understand the legal and privacy considerations in collecting digital evidence in a manner that is scientifically sound and follows industry standards. You'll learn key Windows artifacts, such as the Windows Registry, Internet History artifacts, and event logs, key Linux artifacts, and key telecommunication artifacts. You will understand the importance of chain-of-custody, hashing, write protection, working copies and other issues unique to conducting forensic examinations in a network environment. You'll also be able to write a repeatable, unbiased, and professional computer forensic report to accurately document your methodology and findings.
Software and Tools
You will utilize tools from FTK, Magnet's IEF, Volatility, ProDiscover, Wireshark, The Security Onion Linux distro, Ubuntu Linux distro, SANS SIFT distro, and VMs. For general requirements, it is easier to complete the Forensic track with a Windows OS, namely Windows 7. It is possible to complete the concentration with a Mac or Linux box, but it is a lot easier to complete the tasks and labs with a Windows machine. Most of the labs utilize Windows 7 or Windows XP scenarios.
In the telecommunications course, an assignment might be to analyze IDS and Event Logs, perform packet and flow analysis and more. In the Linux course, an example of an assignment might be to build out a custom Linux Ubuntu distro with Perl, Python, Ruby, Fuse, AFFuse, Xmount, Bless, Foremost, Scalpel, and The Sleuth Kit, to name a few. You could also be asked to use Windows to create an image and use Linux to forensically analyze the Windows image.
How much time do I allocate?
Expect to spend a lot of time (roughly 4-5 hours a night) on each lab for each course in the Forensics track. This ensures that you know what you are doing and how to do it. This also helps you with your report writing, which is required in each class. There are quizzes, midterm research papers and final exams. Like all things, communication is key and reading is very important. You will be presented with a lot of information in the 8-week courses and it is crucial that you read and understand it all.
One last tip
One last thing: have fun! There is nothing worse than a bad attitude towards something, especially school. You will learn what you are good at and what you are bad at. It is how you overcome those adversities that makes you successful, and that holds true with these courses. It will be apparent what your strengths and weaknesses are, but most of the time, it isn't the correct answer that is important, but how you arrived at that answer.
About the Author
Dennis Labossiere has been attending Utica College since August of 2009. He came to Utica specifically for their Cyber program. Dennis received his B.S. in May 2013 and quickly started the road to his M.S. in August 2013. He is scheduled to graduate in December 2015 with an M.S. in Cyber Security with a dual specialization in Computer Forensics and Cyber Operations.