INFO70244
Defensive Security 2
Sheridan
 
 

Land Acknowledgement

Sheridan College resides on land that has been, and still is, the traditional territory of several Indigenous nations, including the Anishinaabe, the Haudenosaunee Confederacy, the Wendat, and the Mississaugas of the Credit First Nation. We recognize this territory is covered by the Dish with One Spoon treaty and the Two Row Wampum treaty, which emphasize the importance of joint stewardship, peace, and respectful relationships.

As an institution of higher learning Sheridan embraces the critical role that education must play in facilitating real transformational change. We continue our collective efforts to recognize Canada's colonial history and to take steps to meaningful Truth and Reconciliation.


Section I: Administrative Information
  Total hours: 42.0
Credit Value: 3.0
Credit Value Notes: TBD
Effective: Fall 2022
Prerequisites: (INFO70240 AND INFO70243)
Corequisites: N/A
Equivalents: N/A
Pre/Co/Equiv Notes: N/A

Program(s): Cyber Security - Defensive
Program Coordinator(s): N/A
Course Leader or Contact: N/A
Version: 20220906_00
Status: Approved (APPR)

Section I Notes: Access to course materials and assignments will be available on Sheridan's Learning and Teaching Environment (SLATE). Students will need reliable access to a computer and the internet.

 
 
Section II: Course Details

Detailed Description
In this course, students will explore and apply the skills of digital forensics to their own developing computer incident investigation strategies. Students will explain the steps and procedures of the initial preparations of technology systems for investigations. Students will discuss and have opportunities to implement a systematic approach to cyber investigations and organizational procedures and policies. Students will also identify and practice methods of live computer memory acquisition, disk imaging, and network traffic capturing. Additionally, students will complete forensic triage and chain of custody capturing, and protection of attached evidence gathered from accidental modifications. By the end of this course, students will have the tools and strategies to conduct deep-level forensics and recovery of information from damaged assets, and to engage in an end-to-end eDiscovery process to proactively minimize risk and reduce attack surfaces within organizations.

Program Context

 
Cyber Security - Defensive Program Coordinator(s): N/A
Micro-Credential: Cybersecurity- Defensive Security


Course Critical Performance and Learning Outcomes

  Critical Performance:
By the end of this course, students will be able to apply industry standard storage media and system analysis processes and methods to execute an end-to-end cyber-forensic investigation with the help of industry-standard and open-source tools and sample case studies of cyber incidents.
 
Learning Outcomes:

To achieve the critical performance, students will have demonstrated the ability to:

  1. Define the term and associated roles of digital forensics and the competencies required to pursue cyber investigations as a profession.
  2. Identify the tools and techniques of data acquisition and the prerequisites of a formal investigation process.
  3. Distinguish the file systems and file/data structures across heterogeneous systems and network communications.
  4. Conduct digital forensics using specific tools and the acquired systems.
  5. Demonstrate the eDiscovery process fundamentals and appraise the legal and technical mandates of the Information Governance and Record Management found in Canadian Cyber Security legal requirements.

Evaluation Plan
Students demonstrate their learning in the following ways:

 Evaluation Plan: ONLINE
  • Quiz 1: 15.0%
  • Quiz 2: 15.0%
  • Assignment 1: 15.0%
  • Mid-term exam: 20.0%
  • Assignment 2: 15.0%
  • Final exam: 20.0%
 Total: 100.0%

Evaluation Notes and Academic Missed Work Procedure:
TEST AND ASSIGNMENT PROTOCOL
The following protocol applies to every course offered by Continuing and Professional Studies.

  1. Students are responsible for staying abreast of test dates and times, as well as due dates and any special instructions for submitting assignments and projects as supplied to the class by the instructor.
  2. Students must write all tests at the specified date and time. Missed tests, in-class/online activities, assignments and presentations are awarded a mark of zero. The penalty for late submission of written assignments is a loss of 10% per day for up to five business days (excluding Sundays and statutory holidays), after which, a grade of zero is assigned. Business days include any day that the college is open for business, whether the student has scheduled classes that day or not. An extension or make-up opportunity may be approved by the instructor at his or her discretion.

Provincial Context
The course meets the following Ministry of Colleges and Universities requirements:


 

Essential Employability Skills
Essential Employability Skills emphasized in the course:

  • Communication Skills - Communicate clearly, concisely and correctly in the written, spoken, visual form that fulfills the purpose and meets the needs of the audience.
  • Critical Thinking & Problem Solving Skills - Use a variety of thinking skills to anticipate and solve problems.
  • Information Management - Locate, select, organize and document information using appropriate technology and information systems.
  • Personal Skills - Manage the use of time and other resources to complete projects.

Prior Learning Assessment and Recognition
PLAR Contact (if course is PLAR-eligible) - Office of the Registrar

  • Not Eligible for PLAR

 
 
Section III: Topical Outline
Some details of this outline may change as a result of circumstances such as weather cancellations, College and student activities, and class timetabling.
Instruction Mode: Online
Professor: N/A
Resource(s):
  • Required Textbook: Digital Forensics and Incident Response, Gerard Johansen, Packt Publishing / O'Reilly, Second Edition, ISBN 9781838649005, 2020
  • Required Textbook: Digital Forensics Basics: A Practical Guide Using Windows OS, Nihad A. Hassan, Publisher(s): Apress / O'Reilly, ISBN 9781484238387, 2019
  • Required Textbook: Digital Forensics with Kali Linux, Shiva V. N. Parasram, Packt Publishing / O'Reilly, Second Edition, ISBN 9781838640804, 2020
  • Required Website: Ontario Bar Association eDiscovery guidelines, http://www.oba.org/en/pdf_newsletter/e-discoveryguidelines.pdf
  • Optional Textbook: Digital Forensics for Pentesters - Hands-On Learning, Cliff Krahenbill, Packt Publishing, ISBN 9781803231969, 2021
  • Optional Website: Digital Forensics and Cyber Crime with Kali Linux Fundamentals, https://sher.ent.sirsidynix.net/client/en_GB/default/search/detailnonmodal/ent:$002f$002fSD_ILS$002f0$002fSD_ILS:1390255/one
  • Optional Website: Litigation Support Blog, https://www.litigationsupportguru.com/blog/

Applicable student group(s): FCAPS-Program(s): Cyber Security - Defensive
Course Details:

Module 1: Introduction to Cyber Forensics 

Computer forensics fundamentals and career paths 

Code of ethics 

Initial preparation of systems for evidence collection 

(Quiz 1 15%) 

 

Module 2: Storage media analysis 

Approach and process of investigation 

Storage media analysis 

Storage media forensic toolkit 

(Quiz 2 15%) 

 

Module 3: System analysis – Windows and Unix Systems  

Windows filesystem and encryption review 

Linux filesystem and process execution review 

Virtual Machine and Network Forensics 

(Disk forensic analysis and report 15%) 

(Mid-term exam 20%) 

 

Module 4: Conducting forensic review 

Live image acquisition 

Forensic assessment of the acquired samples 

Deep-level forensic investigation 

(Remote acquisition and network forensics 15%) 

 

Module 5: eDiscovery and forensics governance 

Introduction to eDiscovery and associated Canadian Cyber Security legal requirements 

Predictive eDiscovery with the help of AI

End-to-end eDiscovery execution – case study 

(Final exam 20%) 



Sheridan Policies

It is recommended that students read the following policies in relation to course outlines:

  • Academic Integrity
  • Copyright
  • Intellectual Property
  • Respectful Behaviour
  • Accessible Learning
All Sheridan policies can be viewed on the Sheridan policy website.

Appropriate use of generative Artificial Intelligence tools: In alignment with Sheridan's Academic Integrity Policy, students should consult with their professors and/or refer to evaluation instructions regarding the appropriate use, or prohibition, of generative Artificial Intelligence (AI) tools for coursework. Turnitin AI detection software may be used by faculty members to screen assignment submissions or exams for unauthorized use of artificial intelligence.

Course Outline Changes: The information contained in this Course Outline including but not limited to faculty and program information and course description is subject to change without notice. Nothing in this Course Outline should be viewed as a representation, offer and/or warranty. Students are responsible for reading the Important Notice and Disclaimer which applies to Programs and Courses.



Copyright © Sheridan College. All rights reserved.