UAB's Department of Justice Sciences and Department of Computer & Information Sciences partner together to offer a Certificate in Computer Forensics.
Graduate students who obtain the Certificate in Computer Forensics are being trained to have all of the skills necessary for a successful career as a CyberCrime Investigator or as a Computer Forensics Examiner. Each of the courses in the Certificate was other added or created because of the contribution it would make in preparing someone for that career.
CS536 - Computer Security
This course addresses the core of Computer Security that will be understood by the systems and network administrators with which our graduates will regularly interact. Understanding the secure design and implementation of systems will prepare the future Investigator or Examiner with the ability to understand where the evidence of a crime may be, and what vulnerabilities may be exploited in the commission of a computer crime.
CS534 - Internetworking and Intranets
The language of the Internet may be English, but the protocol of the Internet is TCP/IP. This course addresses that protocol in depth and the design and implementation of TCP/IP based systems. A thorough understanding of TCP/IP will allow the future Investigator or Examiner to directly interact with logfiles, network captures, and routing tables and understand the fundamental activities that are necessary to comprehend Internet-based crime.
CS535 - Network Programming
Our Computer Forensics program acknowledges that we train both tool-users and tool-makers. For those with strong Computer Science backgrounds, Network Programming will provide the background that will allow the creation of network-based programs that may supplement an investigators toolkit.
CS536 - Network Security
In the same way that Computer Security will prepare the future Investigator to understand the security (and vulnerabilities) of systems, the Network Security class will prepare them to understand evidence the secure design of networks, including where evidence of a network-based crime may be found, and what vulnerabilities may be present on a network that a criminal may exploit.
JS502 - Introduction to Computer Forensics - (taught by Gary Warner)
This course is not a "hands-on" course, but it is one of the most fundamental classes to the entire Certificate. This class provides a fundamental understanding of how digital evidence must be gathered, analyzed, and processed in order to accomplish its ultimate objectives in the investigation or the court room. Without an understanding of the role evidence will eventually play in the court room and how the evidence will be scrutinized, technologists can make fundamental errors that invalidates their evidence.
JS675 - Law, Evidence, and Procedure
This course provides an overview of how our criminal justice system works. It is important that our certificate recipients understand not just technology, but the legal system as well.
JS670 or JS679 - Elements of (or Seminar in) Forensic Science
While our students will likely work in "Cyber" jobs, the principles of Forensic Science, including trace evidence, and "wet lab" forensics of chemistry, blood and DNA, have important principles in evidence classification, testing, and analysis that are important skills for Computer Forensics as well. Exposing our students to the more established forensic sciences provides a proper mindset for the handling of evidence and will help advance Computer Forensics as scientific field.
CS537/JS537 - Cyber Crime & Forensics (taught by Gary Warner)
We divide Computer Forensics into two major categories - "Media Forensics" and "Network Forensics". This course addresses "Media Forensics" in depth, with hands-on activities throughout the entirety of the class. "Media" is anything that can hold a data file, and "Media Forensics" examines all the ways that we can interact with Media as evidence, including duplicating media, recovering deleted or damaged files, understanding file systems, examining a Windows Registry, understanding filetypes, and putting all of that together into a Case Management System. While the course focuses on practical application of theory through basic open source tools and commands, it culminates with hands-on experience with enCase.
JS515/CS591 - Investigating Online Crime (taught by Gary Warner)
This is the "Network Forensics" class to complement the above "Media Forensics" class. In this class the focus is on the use of Open Source Intelligence and Network-based data to analyze and investigate crime. Students work in a hands-on environment looking at phishing, malware, hacking, and cyber-espionage cases, but also using Open Source Intelligence techniques to analyze traditional crimes with online evidence. Tools used in the course include "i2 Analysts Notebook" and the open-source intelligence tool, Maltego from Paterva.
CS516 - Digital Documents, Security and Intellectual Property
When investigators are faced with an Intellectual Property case, there are many challenges that they may have to overcome being able to prove the order of creation, or derivative properties of a computer file or system of files in the case of software products. This course will prepare the Investigator for many sorts of cases where the essentials of the case are revealed by a deeper understanding of computer files.
