Date of last update: 12/5/2021

Change to recommend reading of text a Unit before lab.

Digital Forensics and Hacking Investigation
CIS 104.63Z (CRN: 34925) – Hybrid Course, Winter, 2022
Online class.
Office hours via Zoom and e-mail
COURSE DESCRIPTION
This is an “asynchronous” online course in which you will be given weekly laboratory assignments and quizzes
to complete. You are encouraged to work more quickly than the schedule that is specified for this course
but will not receive credit if you work more slowly than the scheduled deadline dates. The course is an
introduction to computer cybercrime and hacking investigation processes. Topics include computer forensics
tools, hacking investigation tools, data recovery, information gathering techniques, computer data preservation
techniques, and computer cybercrime investigation techniques. System administrators, security professionals,
IT staff, and law enforcement personnel, would benefit from taking this course. This course can help prepare
students to pass computer forensics certification examinations, such as the EC-Council Computer Hacking
Forensic Investigator (CHFI) or the Certified Forensic Computer Examiner
(CFCE) credential.
The Canvas class will not be available to you until the day before the official class start date (12:01 AM on
1/2/2022). The bulk of the class on Canvas will remain invisible until you have completed the “student
contract” in which you verify that you have read and understand the content of this syllabus with regard to the
way the class will work.
PREREQUISITE SKILLS
Advisory: EWRT 200 and READ 200 (or LART 200), or ESL 261, 262 and 263; CIS 108.
INSTRUCTOR INFORMATION:
Instructor: Leonard (Len) Fisk
Office Hours:
Via the CIS 104 Zoom meetings on the class Canvas page from 4:00 to 5:00 PM every Tuesday and
Thursday beginning 1/4/2022 through 3/24/2022. This conference can be managed as a simple texting
application, although I much prefer you to use audio and video.
Via e-mail: I can be reached virtually any time via e-mail (see below for address). Please send e-mail only to
the address shown and use CIS104 in the subject line to ensure that I will get the mail in a timely manner.
E-mail address: mailto:fisklen@fhda.edu
Canvas Website: I will post updates and changes to this class at that site. Various other links may be added
and assignment changes may be uploaded to it as well. It will be the center point for communications about the
course.
REQUIRED COURSE MATERIALS
Textbook: Digital Forensics, Investigation, and Response, 4th Edition, by Chuck Easttom
Purchasing text and lab materials: You can purchase textbooks and access to the virtual labs required for the
course at the De Anza bookstore, and these should be available by 1/2/2022. If you would prefer a hard-copy
paperback version of the textbook, the bookstore will have copies for purchase as well as digital copies. In
addition, you can purchase both directly from Jones & Bartlett Learning, their phone number and email are
(800) 832-0034 ext. 8197, and customerservice@jblearning.com – their ISBNs are shown below.
Please note that access to the virtual lab is unique for each person and cannot be shared: i.e., the code you
purchase will belong to you and to you alone.
The bookstore will sell you a packet, or any of the following items:
• e-Book with Lab Access: Digital Forensics, Investigation, and Response, 4th Edition, by Chuck Easttom
(ISBN: 978-1-284-24450-2), or
• Paperback text with Lab Access: Digital Forensics, Investigation, and Response, 4th Edition, by Chuck
Easttom (ISBN: 978-1-284-24448-9), or
• Lab Access only (no text), assuming you have access to a copy of the 4th Edition of the text (ISBN: 978-1-
284-24451-9) (this option is NOT recommended unless you already have access to a copy of the text).
Please note that the specific code needed to access the virtual laboratory MUST be purchased, otherwise
you cannot participate in the class.
To redeem your access code to the JBL Virtual Security Cloud Lab, do the following:
1. Go to the Canvas page for this course.
2. Click on the “Access to Lab 0n” link at bottom of any of the “Unit 0n Lab: “ links found in each of the
10 course modules except the first, which may allow access prior to purchase of the access code.
3. When prompted, enter the access code you purchased with the textbook (a 10 digit- access code if it is
the same as it was for me in October).
4. Once your access code has been validated, you will have access to the virtual laboratory via any of the
“Access to Lab 0n” links found on the Canvas page for CIS 104 for the length of your subscription,
which is about 6 months. To assure that you retain access to the labs, I have set up the Canvas course to
remain open for you for a full 6 months.
If your code doesn't work or you are unable register, please contact our tech support specific for the virtual labs
and lecture presentations at www.jblcourses.com/techsupport.
REQUIRED COMPUTER COMPONENTS AND AVAILABILITY
You will need a broadband Internet connection (the faster the better!) if you wish to work at home.
Hardware Requirements: A PC computer is recommended to run the Jones and Bartlett software to access
the labs for this course. (Apple Macs may be used, although you may have to load virtual PC keyboards to
allow you to do some labs, which may require keys for either Linux or Windows machines.) If you do not own
a PC, you may be able to use the De Anza lab computers in ATC 203 (see “Computers in the De Anza Labs”,
below).
Software: (1) You will need a web browser (preferably Chrome) to access the Canvas and virtual laboratory
sites. The purchased Lab Access Code will allow access to the Jones & Bartlett Virtual Lab environment that
accompanies the Digital Forensics, Investigation, and Response book, and all the software used will be located
on their virtual lab servers. (2) You will need Acrobat Reader to view your labs once they are graded. (3) You
may also need Microsoft PowerPoint if you wish to earn Extra Credit points via a presentation.
Computers in the De Anza Labs: If you do not have a broadband-connected computer with the proper
software, you can use our CIS lab computers. For CIS computer lab hours, see
https://www.deanza.edu/buscs/labs.html. Please note that the ATC lab computers are not equipped with either

Page 2 CIS 104

microphones or speakers, so you will need to provide headphones if you plan to listen to the lectures there. I
simply use a headset with a boom microphone that has a USB jack and works fine in the ATC 203 lab for both
recording and listening. Cell phone headsets with microphones will not work unless you have a “Y” adapter to
split the microphone and headphones into separate audio jacks.
COURSE OBJECTIVES
Upon completion of this course, you will be able to use a personal computer and understand the following
personal computer objectives. By the close of the course, the student will have/be able to
Explore the forensics profession
Analyze examples of computer crime
Investigate forensic methods and labs
Learn how to collect, seize, and protect evidence
Explore e-mail forensics
Analyze Windows forensics
Examine mobile forensics
STUDENT LEARNING OUTCOMES FOR THIS COURSE:
Demonstrate data recovery and cybercrime forensics investigation techniques.
ATTENDANCE POLICY
By midnight Friday of the second week of the course (1/14/2022) you must have purchased the text and begun
to access the Canvas course site. You must also have completed the quiz entitled “Student Contract for CIS
104”. Failure to do so may result in a DROP. Friday, January 14 is also the due date for the first lab. You will
have a 5-day reprieve on handing in Labs, although you will forfeit points when they are late.
Students who wish to drop this class must follow the De Anza College drop procedures. The Drop calendar
deadlines can be found at https://www.deanza.edu/calendar. Do not assume you will be automatically dropped
from this course. If you intend to drop the course, you must drop yourself!
WAYS TO EARN POINTS TOWARD A GRADE
This course will require weekly, hands-on lab assignments in which you will be using forensic software. You
will take 10 quizzes and a final exam. Finally, in addition to these graded activities, you be given the
opportunity to earn additional “extra credit” points by doing extra Lab work, and by researching and presenting
additional information about tools and various forensic and recovery issues currently being discussed in the
press and on the web to the class. The maximum possible points are summarized in the table shown below.
Source number points total
Laboratory assignments (Sections 1 & 2 reports) 10 20 200
Extra Credit Laboratory assignment (Section 3 reports) 10 10 100
Quizzes (questions on both labs and readings) 10 10 100
Final 1 100 100
Extra Credit Forensic/Security News 5 15 75
Total points possible (400 w/o Extra Credit): 575

Page 3 CIS 104

TESTING/GRADING POLICIES/FINAL GRADES
To pass this course, you must complete the assignments plus quizzes plus final exam. I will calculate the
percentage of the total available 400 points that you have earned after adding all your earned points. Deadlines
for all assignments will be posted via Canvas and this syllabus.
Final Grading Scale:
A+ 96%-100%
A 93% -95%
A- 90%-92%
B+ 87%-89%
B 83%-86%
B- 80%-82%
C+ 77%-79%
C 70%-76%
D+ 67%-69%
D 63%-66%
F 0%-62%
Final Grade Mix:
The following percentages reflect how the final grade will be determined:
Lab Assignments 50 %
Quizzes 25%
Final Exam 25%
Extra Credit 44%
Total 144%

SUBMITTING WEEKLY LABORATORY ASSIGNMENTS

This course uses a virtual laboratory environment provided by Jones & Bartlett to conduct laboratory exercises,
and all the labs will require access to this environment. All course information, including assignments, course
deadlines, etc. will be made available to you online via the De Anza Canvas web site. When you enter the
online course site in Canvas, you will find the assignments that you will be asked to complete listed within each
class week of the quarter. The actual course schedule and due dates for exams and assignments are subject to
change and will be posted in the schedule in this course syllabus on the Canvas site. Each week’s lab
assignment will entail using the virtual environment to do some screen captures and answer specific questions,
all within the virtual environment. You will download the reports you have assembled in the lab environment
from the virtual environment servers as PDFs and post them to Canvas for scoring. After I have scored them, I
will post your score and a commented copy of your lab at the same place you submitted it in Canvas.
Each Lab will have both a “due date” and a “deadline” date associated with it. The “deadline” date represents
the date beyond which no labs will be accepted by Canvas for scoring. Your job is simply to stay ahead of the
“due dates” (and most critically, the “deadline” dates beyond which work will not be accepted).
Late Work
Lab reports will be accepted by Canvas after the due date according to the following rules: Ten percent (10%)
of the maximum possible points will be subtracted for each working day (24 hours) the assignment is late. This
Page 4 CIS 104
will continue until 5 days have elapsed when the points total will drop to zero, and no credit will be earned. If
you have clear and compelling reasons for not getting an assignment in on time, please let me know on or
before the day it is due, and I will arrange an extension for you. Quizzes must be completed before the date
specified in Canvas and cannot be taken after the deadline. If you fail to submit a lab by the “deadline
date”, or fail to take a quiz, you will not receive credit for it.
Extra Credit Assignments:
There are two ways you can earn extra credit points: (1) by posting correct captures and answers to questions
for Section 3 of the virtual lab as a part of your regular lab report submission, and (2) by submitting PowerPoint
presentations augmented by voice recordings on topics that you choose and seek approval for before doing. All
Extra Credit work will be submitted via Canvas.
Audio-augmented PowerPoint presentations for Extra Credit: Unlike the lab extra credits, this form of
extra credit will be prepared as an audio-augmented PowerPoint, with a recording of your voice doing the
presentation, which I will post for the full class to access. (Even older versions of PowerPoint permit the
recording of your voice for presentations: all you need is a laptop with a built-in microphone, or an external
microphone with either USB or audio jack.) You will upload a PowerPoint presentation that has been
augmented with your own voice recording explaining each slide, with no more than 10-minutes time being
taken for the full presentation.
Extra credit presentations will be posted on topics that are truly substantive and target specific security issues
pertinent to this course. If you have a topic that you think would be an interesting Extra Credit presentation
(there are many at this moment, considering the importance that hacking has had in recent elections, just send
me a proposal that details what you wish to present in specific terms, and I will reply with a judgment (most
often “go for it!”). You then prepare the presentation and post it on Canvas. I will accept a maximum of only 5
Extra Credit presentation submissions per week (first come-first served), and you cannot submit any more than
one per week. I will accept a maximum of 5 Presentation Extra Credits from any one person.
The Sequence of Events for Finishing Each Unit:
Initially, you will find that the Canvas page looks rather empty. The reason is that subsequent portions of the
course will become visible and available to you when you finish the “student contract,” which is really a
“yes/no” answer quiz that verifies that you understand the class requirements. There will be 10 units associated
with specific chapters in the text and specific Laboratory exercises, as shown in the table below:
Unit Sequence Table:
Unit/Week Lecture / Lab Topic Reading
Unit 1/ Wk. 1 Intro, syllabus / Applying the Daubert Standard to Forensic Evidence Chpt 1&2
Unit 2/ Wk. 2 Common Forensic Methods & Tools / Recognizing Use of Steganography Chpt 3 & 15
Unit 3/ Wk. 3 Collecting and Protecting Evidence / Recovering Deleted Files Chpt 4
Unit 4/ Wk. 4 Hiding, Scrambling Evidence / Incident Response Investigation Chpt 5&6
Unit 5/ Wk. 5 Incident and Intrusion Response / Forensics on Windows Systems Chpt 7
Unit 6/ Wk. 6 Windows Forensics / Forensics on Linux Systems Chpt 8
Unit 7/ Wk. 7 Linux and Mac Forensics / Forensics on E-mail and Chat Logs Chpt 9 & 10
Unit 8/ Wk. 8 E-mail and Mobile Forensics / Forensics on Mobile Devices Chpt 11&12
Unit 9/ Wk. 9 Network Forensics / Forensics on Network Infrastructure Chpt 13
Unit 10/ Wk. 10 Memory Forensics / Forensics on System Memory Chpt. 14
Wk, 11 Finish Lab(s) & Prepare for Final
Wk. 12 FINAL - (120 items, 110 min) 4:00 PM -12:00 midnight, 3/25, online All Chapters

Page 5 CIS 104

For each unit, the materials should be accessed and completed in the required order and must be completed
before the listed “deadline” dates. The following sequence is recommended:
1. Read the Chapter(s) for this Unit (it would be wise to stay a unit ahead in the reading and in watching
lectures because the labs often related to the next lecture topic).
2. Watch my lecture for this Unit (see my comment in the above item).
3. Do the Lab Sections 1 & 2 for this Unit, doing all required text answers and captures for Sections 1 & 2.
(This is the required portion.)
4. Do Lab Section 3 for this unit if you wish to earn extra credit.
5. Download your completed lab from the virtual lab server as a PDF and submit it to Canvas at the link
labelled “Lab 0n upload link, “.
6. Do the “self-test” T/F Quiz for the Unit to determine how well you are prepared for the Unit quiz (this is
scored, but no scores are recorded, so that you are the only person to know how well you did).
7. Take the Unit Quiz. It is best to have completed the Laboratory before you take the unit Mastery Quiz
because the questions will cover both text and lab.
8. Once you have completed each unit by taking the Quiz, you will find that a “Final Practice Quiz” for
this unit has opened at the bottom of the Canvas page for this class. This “Final Practice Quiz” is not
graded but contains a set of questions drawn from the same pool as the Quiz and Final questions and
will allow you to take it repeatedly to prepare for the final.
You may miss the graded Quiz and/or Lab Report “deadline” dates. If you do, and have not made prior
arrangements, Canvas will not allow the Quiz to be taken, and I will not accept your lab score. You must
simply accept that these will be recorded as zeroes in your course gradebook.
ACADEMIC INTEGRITY:
Students who submit work of others as their own or cheat on exams or other assignments will receive a failing
grade and will be reported to college authorities.
Note to students with disabilities
If you have a disability-related need for reasonable academic accommodations or services in this course,
provide your instructor with a Test Accommodation Verification Form (also known as a TAV form) from
Disability Support Services (DSS) or the Educational Diagnostic Center (EDC). Students are expected to give a
five day notice of the need for accommodations. Students with disabilities can obtain a TAV form from their
DSS counselor (864-8753 DSS main number) or EDC advisor (864-8839 EDC main number).
TECHNICAL DIFFICULTIES
If you have technical problems with the J&B virtual laboratory, please contact the Jones and Bartlett Technical
Support staff directly at customerservice@jblearning.com or if the problem stems from a client software glitch
in your personal computer you can complete your course work using the computers in the CIS lab. For
problems with Canvas, please contact Canvas support at 1-408-864-8969.

Page 6 CIS 104

 SCHEDULE/CALENDAR
Unit/ Lab due
Date Topic Reading Quiz deadline
Week date/deadline date

1 1/2-1/8/2022 Intro, syllabus, Introduction to Forensicse Chpt 1&2

Lab 1, midnight Quiz 1: midnight
2 1/9-1/15/2022 Using Common Forensic Methods and Tools Chpt 3&15
1/14/2022-1/19/2022 1/20/2022
Lab 2, midnight Quiz 2: midnight
3 1/16-1/22/2022 Collecting, Seizing and Protecting Evidence Chpt 4
1/21/2022-1/26/2022 1/27/2022
Lab 3, midnight Quiz 3: midnight
4 1/23-1/29/2022 Hiding, Scrambling & Recovering Evidence Chpt 5&6
1/28/2022-2/2/2022 2/3/2022
Lab 4, midnight Quiz 4: midnight
5 1/30-2/5/2022 Incident Handling and Intrusion Response Chpt 7
2/4/2022-2/9/2022 2/10/2022
Lab 5, midnight Quiz 5: midnight
6 2/6-2/12/2022 Windows Forensics Chpt 8
2/11/2022-2/16/2022 2/17/2022
Lab 6, midnight Quiz 6: midnight
7 2/13-2/19/2022 Linux and Mac Forensics Chpt 9&10
2/18/2022-2/23/2022 2/24/2022
Lab 7, midnight Quiz 7: midnight
8 2/20-2/26/2022 E-mail and Mobile Forensics Chpt 11&12
2/25/2022-3/2/2022 3/3/2022
Lab 8, midnight Quiz 8: midnight
9 2/27-3/5/2022 Network Forensics Chpt 13
3/4/2022-3/9/2022 3/10/2022
Lab 9, midnight Quiz 9: midnight
10 3/6-3/12/2022 Memory Forensics Chpt. 14
3/11/2022-3/16/2022 3/17/2022
Lab 10, midnight Quiz 10: midnight
11 3/13-3/19/2022 Study for Final
3/18/2022-3/23/2022 3/24/2022
12 3/25/2022 FINAL - (120 min) 4:00-11:59 PM, Chapters 1-15 FINAL

Page 7 CIS 104