Expectations vs Reality - Digital Forensic Science Master's Degree Part 2

Continuation from Part 1 looking back at my coursework in the Master’s Degree in Digital Forensic Science. In this post, I’ll be talking about my second course at Champlain College.

DFS-501 Practice of Digital Investigations

Another introductory course that dived a little more into how to perform an investigation from beginning to end. The course used a fictional scenario of corporate espionage/data leakage as a grounding for all the assignments and discussions. The final assignmens of this course resulted in a paper on a Forensic Methodology for investigations and a technical forensic report of our findings.

The course also focused on talking about the importance of validating and comparing forensic tools. Making sure that they work as expected and continue to work as new versions are released. The class had some good discussions on this topic and I took lessons from my professional background as a developer. My question about leveraging automated testing in tool validation was never adequately answered in the discussion. It is something I’ve started to explore using my Notepad State Library as a test bed.

Another topic was the use of peer review for reports and results. Again, I likened this to code reviews and partner coding in the development world. Some great discussions sometimes centering on the legal implications of discovery on reports and peer review.

I enjoyed this class. The scenario that we investigated allowed me to use various tools, compare the results from different tools, and produce a report was very fun.

Software Used

• SafeBlock
• FTK Imager
• Magnet ACQUIRE
• SANS SIFT
• Sysinternals Tools
• Volatility
• RegRipper
• KAPE