Course Information

Course Title	Code	Semester	L+U Hour	Credits	ECTS
COMPUTER SYSTEMS	55499005		2 + 2	3.0	8.0

Prerequisites

None

Language of Instruction	Turkish
Course Level	Graduate Degree
Course Type	Compulsory
Mode of delivery
Course Coordinator
Instructors	Refik SAMET
Assistants
Goals	The aim of the course is to give information about the incident investigation process, data collection, storage, transmission, analysis and reporting hardware and software to be used in this process and to have applications.
Course Content	Understanding File Systems and Hard Disks, Understanding Digital Media Devices, Windows, Linux, and Macintosh Boot Processes, Windows Forensics I, Windows Forensics II, Linux Forensics, Application Password Crackers.
Learning Outcomes	1) Students understand the evidence investigation and data collecting process. 2) Students understand the structure and operation of data storage devices. 3) Students understand how to collect temporary and permanent data in Windows Operating System environment.

Weekly Topics (Content)

Week	Topics	Teaching and Learning Methods and Techniques	Study Materials
1. Week	CHAPTER 1: Understanding File Systems and Hard Disks Disk Drive. Hard Disks.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
2. Week	CHAPTER 1: Understanding File Systems and Hard Disks: Understanding File Systems.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
3. Week	CHAPTER 2: Understanding Digital Media Devices: Understanding Digital Media Devices.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
4. Week	CHAPTER 2: Understanding Digital Media Devices: Understanding Digital Media Devices.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
5. Week	CHAPTER 3: Windows, Linux, and Macintosh Boot Processes: Introduction to Boot Processes.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
6. Week	CHAPTER 3: Windows, Linux, and Macintosh Boot Processes: Boot Processes.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
7. Week	CHAPTER 4: Windows Forensics I: Volatile Information. Nonvolatile Information. Windows Memory Analysis. Inside the Windows Registry. Cache, Cookie, and History Analysis in Internet Explorer. MD5 Calculation.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
8. Week	CHAPTER 4: Windows Forensics I: Recycle Bin. Prefetch Files. Shortcut Files. Word Documents. PDF Documents. Graphics Files. File Signature Analysis. NTFS Alternate Data Streams. Executable File Analysis. Metadata.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
9. Week	CHAPTER 5: Windows Forensics II: Understanding Events. IIS Logs. Using EnCase to Examine Windows Event Log Files. Windows Event Log File	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
10. Week	CHAPTER 5: Windows Forensics II: Understanding Windows Password Storage. Cracking Windows Passwords Stored on Running Systems. Exploring Windows Authentication Mechanisms. Cracking Offline Passwords.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
11. Week	CHAPTER 6: Linux Forensics: Linux. Linux Forensics. Floppy Disk Analysis. Hard Disk Analysis.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
12. Week	CHAPTER 6: Linux Forensics: Linux. Linux Forensics. Floppy Disk Analysis. Hard Disk Analysis.	Lecture; Question Answer; Discussion Opinion Pool	Homework
13. Week	CHAPTER 7: Application Password Crackers: Introduction to Application Password Crackers. Password Terminology.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
14. Week	CHAPTER 7: Application Password Crackers: Introduction to Application Password Crackers. Password Terminology.	Lecture; Question Answer; Discussion Opinion Pool Project Based Learning	Homework
	Review	Lecture; Question Answer; Discussion Project Based Learning	Presentation (Including Preparation Time)

Sources Used in This Course

Recommended Sources

1Computer Forensics: Investigating Hard Disks, File and Operating Systems , EC-Council Press, Cengage Learning, 2010.

Türkay HENKOĞLU, Adli Bilişim: Dijital Delillerin Elde Edilmesi ve Analizi, 2. Baskı, Pusula, 2014.

Relations with Education Attainment Program Course Competencies

Program Requirements	Contribution Level	DK1	DK2	DK3
PY1	5	5	5	5
PY2	5	5	5	5
PY3	5	3	4	4
PY4	5	0	0	0

*DK = Course's Contrubution.

	0	1	2	3	4	5
Level of contribution	None	Very Low	Low	Fair	High	Very High

ECTS credits and course workload

Event	Quantity	Duration (Hour)	Total Workload (Hour)
Course Duration (Total weeks*Hours per week)	14	4	56
Work Hour outside Classroom (Preparation, strengthening)	14	2	28
Activity (Web Search, Library Work, Trip, Observation, Interview etc.)	3	2	6
Practice (Teaching Practice, Music/Musical Instrument Practice , Statistics, Laboratory, Field Work, Clinic and Polyclinic Practice)	2	4	8
Midterm Exam	2	2	4
Time to prepare for Midterm Exam	2	10	20
Final Exam	1	2	2
Time to prepare for Final Exam	1	20	20
Total Workload
Total Workload / 30 (s)
ECTS Credit of the Course			30

Quick Access

Forensic Informatics (MS)
Non Thesis (Evening Education)

Course Information

Course Information
Weekly Topics (Content)
Sources Used in This Course
Relations with Education Attainment Program Course Competencies
ECTS credits and course workload

Course Information

Course Information

Weekly Topics (Content)

Sources Used in This Course

Relations with Education Attainment Program Course Competencies

ECTS credits and course workload

Quick Access

Forensic Informatics (MS) Non Thesis (Evening Education)

Course Information

Forensic Informatics (MS)
Non Thesis (Evening Education)