Computer Forensics Offerings this Fall

The Information Technology major has recently introduced a new track in Computer Forensics (CF). Below is information about two track courses being offered this fall semester in this area. Both are requirements in the CF track available to IT majors, and IT 421 will also count in the elective area of the MSIS concentration for Management majors. If this course does not show as an option for you on your audit, please see a CM advisor so that we can update your audit for you.

IT 221: Computer Forensics II

PREREQUISITES: MSIS 110 or IT 110 or permission of the Instructor
FALL 2013 COURSE: Monday & Wednesday 10:00-11:15 AM with Professor Kim – course registration number is 14541
Course counts in the BI track for IT majors

DESCRIPTION
This course is designed to expose students to advanced concepts in digital/computer forensic analysis. As with Computer Forensics I, there will be a balance between legal and technical aspects, although this course will focus more on the use of specific tools. For example, students will practice disk and other digital device analysis using widely used professional proprietary software tools such as EnCase.

IT 421: Malware Analysis

PREREQUISITES: MSIS 110 or IT 110; and IT 244
FALL 2013 COURSE: Tuesday 5:30-8:15 PM with Professor Kuilboer – course registration number is 3999
Course counts in the BI track for IT majors AND the MSIS concentration for Management Majors

DESCRIPTION AND RELATED INFORMATION
This course provides students with an effective immersion into the realm of Malware Analysis and Reverse Engineering. It follows a progressive approach that introduces relevant concepts and techniques while preparing the students to become effective malware analysts that can use a standard methodology for detecting, analyzing, reverse engineering and eradicating malware.

The course teaches practical approaches to examining malicious programs (e.g., viruses, worms, spyware, bots, Trojans, adware, backdoors, and rootkits) that target or run on Microsoft Windows. We will also look at Web-based malware, such as JavaScript, VBScript, and Flash files, as well as malicious document files. By the end of the course, you’ll learn how to reverse-engineer malicious software using a variety of system and network monitoring utilities, disassemblers, debuggers, and other open-source and commercial tools for turning malware inside-out!

The scope of this course includes:

–  Introduction to Malware Analysis.
–  Malware Analysis Labs on both Windows and Linux platforms.
–  Methodology to detect, analyze, reverse-engineer, and eradicate malware.
–  Malware Analysis Applications.
–  Forensics tools used for Malware Analysis.

Course Objectives:
This course will equip students with the necessary background knowledge in order to become effective Malware Analysis & Reverse Engineering practitioners. Upon successful completion of this course, students should be able to:

–  Develop a good understanding of Malware Analysis.
–  Identify the different types of Malware Analysis methods.
–  Gain a broad exposure to real world applications of Malware Analysis.
–  Set up a relatively inexpensive lab for Malware Analysis activities.
–  Utilize a standard methodology for detecting, analyzing, reverse engineering, and eradicating malware.
–  Use a Malware Analysis based approach in order to resolve real world problems.
–  Recognize common malware characteristics.
–  Bypass some of the advanced malware techniques, such as packing, obfuscation and anti-analysis of armored malware breeds.

While computer security focuses on the prevention and detection of security risks, computer forensics provides the post-facto analysis of a computer breach. It does not remedy the damage already done but aims to understand the attack vector and provide the intelligence to harden the computer systems and fend off future attacks. In the legal environment, malware analysis will supply the evidence necessary to prosecute the hacker who perpetrated the attack.

A malware analysis course prepares forensic investigators, incident responders, and malware specialists to reverse-engineer malicious software using practical tools and hands-on techniques. This advanced course provides a rounded approach to reverse-engineering by covering both behavioral and code phases of the analysis process. As a result, the course makes malware analysis accessible even to individuals with a limited exposure to programming concepts and experience with Assembly Language. The materials do not assume that the students are familiar with malware analysis; however, the complexity of concepts and techniques increases as the course progresses.

The malware analysis process taught in this class helps incident responders assess the severity and repercussions of a situation that involves malicious software. It also assists in determining how to contain the incident and plan recovery steps. Forensic investigators also learn how to understand key characteristics of malware present on compromised systems, including how to establish indicators of compromise (IOCs) for scoping and containing the intrusion.

Students should find this course particularly useful if they have career aspirations involving responsibilities in the areas of incident response, forensic investigation, Windows security, and system administration.