Course Information


Course Information
Course Title Code Semester L+U Hour Credits ECTS
INVESTIGATING HARD DISK AND FILE AND OPERATING SYSTEMS 55497011 2 + 2 3.0 6.0

Prerequisites None

Language of Instruction Turkish
Course Level Graduate Degree
Course Type Compulsory
Mode of delivery
Course Coordinator
Instructors Refik SAMET
Assistants
Goals The aim of the course is to give information about the incident investigation process, data collection, storage, transmission, analysis and reporting hardware and software to be used in this process and to have applications.
Course Content Understanding File Systems and Hard Disks, Understanding Digital Media Devices, Windows, Linux, and Macintosh Boot Processes, Windows Forensics I, Windows Forensics II, Linux Forensics, Application Password Crackers.
Learning Outcomes 1) Students understand the evidence investigation and data collecting process.
2) Students understand the structure and operation of data storage devices.
3) Students understand how to collect temporary and permanent data in Windows Operating System environment.
4) Students learn and apply password cracking techniques.

Weekly Topics (Content)
Week Topics Teaching and Learning Methods and Techniques Study Materials
1. Week CHAPTER 1: Understanding File Systems and Hard Disks Disk Drive. Hard Disks. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
2. Week CHAPTER 1: Understanding File Systems and Hard Disks: Understanding File Systems. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
3. Week CHAPTER 2: Understanding Digital Media Devices: Understanding Digital Media Devices. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
4. Week CHAPTER 2: Understanding Digital Media Devices: Flash Memory Cards. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
5. Week CHAPTER 3: Windows, Linux, and Macintosh Boot Processes: Boot Processes. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
6. Week CHAPTER 3: Windows, Linux, and Macintosh Boot Processes: Boot Processes. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
7. Week CHAPTER 4: Windows Forensics I: Volatile Information. Nonvolatile Information. Windows Memory Analysis. Inside the Windows Registry. Cache, Cookie, and History Analysis in Internet Explorer. MD5 Calculation. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
8. Week CHAPTER 4: Windows Forensics I: Recycle Bin. Prefetch Files. Shortcut Files. Word Documents. PDF Documents. Graphics Files. File Signature Analysis. NTFS Alternate Data Streams. Executable File Analysis. Metadata. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
9. Week CHAPTER 5: Windows Forensics II: Understanding Events. IIS Logs. Using EnCase to Examine Windows Event Log Files. Windows Event Log File Internals. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
10. Week CHAPTER 5: Windows Forensics II: Understanding Windows Password Storage. Cracking Windows Passwords Stored on Running Systems. Exploring Windows Authentication Mechanisms. Cracking Offline Passwords. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
11. Week CHAPTER 6: Linux Forensics: Linux. Linux Forensics. Floppy Disk Analysis. Hard Disk Analysis. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
12. Week CHAPTER 6: Linux Forensics: Data Collection. Linux Crash Utility. Commands. Linux Forensic Tools. SMART for Linux. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
13. Week CHAPTER 7: Application Password Crackers: Introduction to Application Password Crackers. Password Terminology. Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)
14. Week CHAPTER 7: Application Password Crackers: What is a Password Cracker? Password-Cracking Methods. System Password Cracking. Application Software Password Cracking. Default Password Databases. Password-Cracking Tools. Securing Passwords Lecture; Question Answer; Discussion
Brainstorming; Colloquium
Storyline; Brain Based Learning 		Practice (Teaching Practice, Music/Musical Instrument Practice, Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)

Sources Used in This Course
Recommended Sources
Computer Forensics: Investigating Data and Image Files.
Computer Forensics: Hard Disk and Operating Systems.
Computer Forensics: Investigating Hard Disks, File and Operating Systems , EC-Council Press, Cengage Learning, 2010.
Computer Forensics: Investigating Network Intrusions and Cyber Crime.
Computer Forensics: Investigating Wireless Networks and Devices .
Computer Forensics: Investigation Procedures and Response.
Digital Evidence and Computer Crime 2nd, Casey ISBN: 0121631044.
Hüseyin ÇAKIR, Mehmet Serkan KILIÇ, Adli Bilişim ve Elektronik Deliller, 1. Baskı, Seçkin, 2014.
Kruse and Heiser, Computer Forensics, Addison Wesley ISBN: 0201707195
Linda Volonino, Reynaldo Anzaldua, Jana Godwin, Computer Forensics: Principles and Practices, Pearson Prentice Hall, 2007.
Türkay HENKOĞLU, Adli Bilişim: Dijital Delillerin Elde Edilmesi ve Analizi, 2. Baskı, Pusula, 2014.

Relations with Education Attainment Program Course Competencies
Program RequirementsContribution LevelDK1DK2DK3DK4
PY155555
PY250000
PY350000
PY450000

*DK = Course's Contrubution.
0 1 2 3 4 5
Level of contribution None Very Low Low Fair High Very High
.

ECTS credits and course workload
Event Quantity Duration (Hour) Total Workload (Hour)
Course Duration (Total weeks*Hours per week) 14 4
Work Hour outside Classroom (Preparation, strengthening) 14 4
Activity (Web Search, Library Work, Trip, Observation, Interview etc.) 14 2
Practice (Teaching Practice, Music/Musical Instrument Practice , Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice) 2 4
Midterm Exam 2 2
Time to prepare for Midterm Exam 2 10
Final Exam 1 2
Time to prepare for Final Exam 1 20
Total Workload
Total Workload / 30 (s)
ECTS Credit of the Course
Quick Access Hızlı Erişim Genişlet
Course Information
  • Course Information
  • Weekly Topics (Content)
  • Sources Used in This Course
  • Relations with Education Attainment Program Course Competencies
  • ECTS credits and course workload