Digital Forensics

The document outlines the course handout for 'Digital Forensics' at K L Deemed to be University for the 2024-2025 academic year. It includes details on the course structure, syllabus, objectives, outcomes, and evaluation methods, emphasizing hands-on experience and the importance of digital forensics in legal contexts. The course aims to equip students with the skills necessary for conducting digital investigations and understanding the complexities of digital evidence.

12/24/24, 1:32 PM about:blank

K L Deemed to be University
Department of Computer Science and Engineering-Honors -- KLAZIZ
Course Handout
2024-2025, Even Sem
Course Title :DIGITAL FORENSICS
Course Code :22CSB3304A
L-T-P-S Structure : 3-0-4-4
Pre-requisite :
Credits :6
Course Coordinator :Savadam Balaji
Team of Instructors :
Teaching Associates :
Syllabus :Digital Forensics and Incident Analysis: History of Forensic Science, Locard's exchange principle,
Crime Reconstruction, Investigations, Evidence Dynamics. Digital Forensics and its Environment: Forensic
Soundness and Fundamental Principles, Digital Forensics. The Digital Forensics Process, Types of Evidence,
Evidence Collection Order, Chain of Custody, Data Integrity and Preservation, Attack Attribution, The MITRE
ATT&CK Framework, The Cyber Kill Chain, The Diamond Model of Intrusion Analysis, Incident Response,
NIST Incident Response Life Cycle. OS and File Systems Forensics: Describing computers and the nature of
digital information, operating systems, describing filesystems that contain evidence, locating evidence in
filesystems, explaining password security, encryption, and hidden files. Digital Evidence: Defining digital
evidence and its characteristics, the technical complexities of digital evidence, Determining the value and
admissibility of digital evidence, Case study: linking the evidence to the user. Network Monitoring and Tools:
Introduction to Network Monitoring, Network Security Topology, Network Monitoring Methods, Network
Taps, Traffic Mirroring and SPAN, Network Security Monitoring Tools, Network Protocol Analysers,
NetFlow, SIEM and SOAR, IP Vulnerabilities, ICMP Attacks, Amplification and Reflection Attacks, Address
Spoofing Attacks, TCP Attacks, UDP Attacks, Defence-in-Depth, Assets, Vulnerabilities, Threats, The Security
Onion, and The Security Artichoke. Examining Browsers, E-mails, Messaging Systems, and Mobile Phones,
Locating evidence from Internet browsing, Messaging systems, E-mail analysis and the processing of large
e-mail databases, Ontologies for Mobile and Embedded Forensics, The growing challenge of evidence recovery
from mobile phones and handheld devices, Case study: Mobile phone evidence in a bomb hoax.
Text Books :1. Richard Boddington, Practical Digital Forensics, Packt Publishers, May 2016. 2. Andre Arnes,
Digital Forensics, John Wiley & Sons Ltd, 2018. 3. Cisco CyberOps Associate-chapter 15, 16 & 28.
Reference Books :1. R.C. Joshi, Emmanuel S. Pilli, “Fundamentals of Network Forensics: A Research
Perspective”, 1st Edition, Springer, 2016. 2. Marjie T. Britz, “Computer Forensics and Cyber Crime: An
Introduction”, 3rd Edition, Prentice Hall, 2013.
Web Links :1. https://www.youtube.com/watch?v=giv0DQDSsjQ 2. https://www.youtube.com/watch?v=u3IPKARyhjI
MOOCS :1. Digital Forensics course offered by Swayam. 2. Information Security and Cyber Forensics course
offered by Swayam. 3. Computer Forensics Offered by Infosec (3 course specialization). 4. Penetration
Testing, Incident Response, and Forensics offered by IBM 3. 5. Cyber Incident Response Offered by Infosec (3
course specialization).
Course Rationale :The course covers both the principles and practice of digital forensics. Societal and legal
impact of computer activity: computer crime, intellectual property, privacy issues, legal codes; risks,
vulnerabilities, and countermeasures; methods and standards for extraction, preservation, and deposition of
legal evidence in a court of law. This course provides hands-on experience in different computer forensics
situations that are applicable to the real world. Students will learn different aspects of digital evidence: ways to
uncover illegal or illicit activities left on disk and recovering files from intentionally damaged media with
computer forensics tools and techniques.
Course Objectives :This academic course offers a comprehensive examination of the foundational principles
and methodologies associated with digital investigation. The primary aim of this course is to underscore the
essential elements and significance of digital forensics. Participants will acquire diverse techniques and
protocols that empower them to execute a thorough digital investigation. This course predominantly
emphasizes the analytical assessment of physical storage media alongside volumetric analysis. It encompasses
the principal stages of digital investigation, including the preservation, analysis, and acquisition of digital
artifacts located within hard disk drives and random-access memory. The objective of this course is to
emphasize the significant importance of digital forensics and to provide students with the requisite skills to
conduct digital investigations in a systematic and structured manner. This curriculum will furnish both
theoretical frameworks and practical skills, in addition to presenting contemporary research findings related to
Digital Forensics. Upon successful completion, the students will be adept at employing open-source forensic
resources for performing digital inquiries and will have a solid comprehension of the theoretical foundations
that back these resources.
Global Certifications :1. https://www.giac.org/certifications/certified-forensic-analyst-gcfa/ 2.
https://www.eccouncil.org/train-certify/digital-forensics-essentials-dfe/ 3.
https://www.paloaltonetworks.com/services/education/palo-alto-networks-certified-cybersecurity-entry-level-technician
Industry Specific Tools :1. https://www.autopsy.com/download/ (Autopsy) 2.
https://www.opentext.com/products/forensic (EnCase) 3. https://www.wireshark.org/download.html
(Wireshark)

COURSE OUTCOMES (COs):

| CO No. | Course Outcome (CO) | PO/PSO | Blooms Taxonomy Level (BTL) |
|---|---|---|---|
| CO1 | Apply foundational principles of forensic science and digital forensics to investigate and resolve digital incidents effectively. | PO2, PSO2, PO1 | 3 |
| CO2 | Conduct comprehensive analysis of operating systems and file systems to identify and recover digital evidence. | PO2, PSO2 | 4 |
| CO3 | Critically evaluate and analyze digital evidence and network forensic data to support investigative objectives. | PO2, PO3, PSO2 | 5 |
| CO4 | Assess methodologies and tools for web forensics and mobile device forensics to ensure effective evidence recovery and analysis. | PO5, PSO2, PO2 | 5 |
| CO5 | Evaluate core concepts and emerging trends in digital forensics using a real-time problem. | PO2, PO4, PSO2 | 5 |
| CO6 | Demonstrate the ability to utilize forensic tools and techniques to perform analysis on digital evidence, including file systems, operating systems, and networks, while adhering to best practices in evidence handling. | PO5, PSO2 | 3 |
| CO7 | Evaluate techniques for identifying, extracting, and preserving digital evidence from diverse platforms, such as mobile devices and web applications, to ensure the integrity and reliability of investigative processes. | PO5, PSO2 | 5 |

COURSE OUTCOME INDICATORS (COIs):

| Outcome No. | Highest BTL | COI-1 | COI-2 | COI-3 |
|---|---|---|---|---|
| CO1 | 3 | Btl-1: Remembering the concepts of forensic science and digital forensics. | Btl-2: Understand the concepts of digital Forensics Processes and MITRE Framework. | Btl-3: Applying the concepts of forensic science and digital forensics. |
| CO2 | 4 | Btl-2: Describe the key structures of operating systems and file systems relevant to forensics. | Btl-3: Demonstrate the use of forensic tools to analyze file systems and recover evidence. | Btl-4: Analyze real-world file systems and operating systems to extract evidence in a case simulation. |
| CO3 | 5 | Btl-2: Explain the characteristics of digital evidence and its relevance in investigations. | Btl-4: Analyze network forensic data for patterns and anomalies. | Btl-5: Evaluate the integrity and significance of digital evidence in investigative scenarios. |
| CO4 | 5 | Btl-2: Identify challenges in evidence recovery for web and mobile devices. | Btl-3: Compare tools and techniques used in web and mobile device forensics. | Btl-5: Evaluate the effectiveness of specific forensic tools in handling mobile and web evidence. |
| CO5 | 5 | Btl-2: Describe emerging trends in digital forensics and their practical implications. | Btl-4: Analyze how core forensic concepts apply to real-time digital investigation problems. | Btl-5: Evaluate the application of emerging trends in solving a specific real-world digital forensic problem. |
| CO6 | 3 | Btl-2: Explain the appropriate use of forensic tools for analyzing digital evidence. | Btl-3: Demonstrate the use of forensic tools to analyze file systems, operating systems, and networks. | Btl-4: Apply best practices in the handling and analysis of digital evidence in a simulated investigation. |
| CO7 | 5 | Btl-2: Describe challenges in evidence identification and preservation for mobile and web platforms. | Btl-4: Analyze the effectiveness of extraction techniques for maintaining evidence integrity. | Btl-5: Evaluate specific extraction and preservation techniques using real-world evidence recovery scenarios. |

PROGRAM OUTCOMES & PROGRAM SPECIFIC OUTCOMES (POs/PSOs)

| PO No. | Program Outcome |
|---|---|
| PO1 | Engineering Knowledge: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialization to the solution of complex engineering problems. |
| PO2 | Problem Analysis: Identify, formulate, review research literature, and analyse complex engineering problems reaching substantiated conclusions using first principles of mathematics, natural sciences and engineering sciences |
| PO3 | Design/Development of Solutions: Design solutions for complex engineering problems and design system components or processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and environmental considerations |
| PO4 | Conduct Investigations of Complex Problems: Use research-based knowledge and research methods including design of experiments, analysis and interpretation of data, and synthesis of the information to provide valid conclusions for complex problems that cannot be solved by straightforward application of knowledge, theories and techniques applicable to the engineering discipline. |
| PO5 | Modern Tool Usage: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools including prediction and modelling to complex engineering activities with an understanding of the limitations. |
| PO6 | The Engineer and Society: Apply reasoning informed by the contextual knowledge to assess societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the professional engineering practice. |
| PO7 | Environment and Sustainability: Understand the impact of the professional engineering solutions in societal and environmental contexts, and demonstrate the knowledge of, and need for sustainable development |
| PO8 | Ethics: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice |
| PO9 | Individual and Team Work: Function effectively as an individual, and as a member or leader in diverse teams, and in multidisciplinary settings. |
| PO10 | Communication: Communicate effectively on complex engineering activities with the engineering community and with society at large, such as, being able to comprehend and write effective reports and design documentation, make effective presentations, and give and receive clear instructions |
| PO11 | Project Management and Finance: Demonstrate knowledge and understanding of the engineering and management principles and apply these to one’s own work, as a member and leader in a team, to manage projects and in multidisciplinary environments. |
| PO12 | Life-long Learning: Recognize the need for, and have the preparation and ability to engage in independent and lifelong learning in the broadest context of technological change. |
| PSO1 | An ability to design and develop software projects as well as Analyze and test user requirements. |
| PSO2 | An Ability to gain working Knowledge on emerging software tools and technologies. |

Lecture Course DELIVERY Plan:


| Sess. No. | CO | COI | Topic | Book No [CH No] [Page No] | Teaching-Learning Methods | Evaluation Components |
|---|---|---|---|---|---|---|
| 1 | CO1 | COI-1 | Introduction to Course Handout, History of Forensic Science. | B1, Ch. 1, Pg. 1–15 | PPT, Talk | SEM-EXAM1 |
| 2 | CO1 | COI-2 | Locard's Exchange Principle, Crime Reconstruction. | B1, Ch. 1, Pg. 16–25 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 3 | CO1 | COI-3 | Crime scene Investigations, Evidence Dynamics. | B1, Ch. 2, Pg. 26–35 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 4 | CO1 | COI-2 | Definitions of digital forensics, Forensic Soundness and fundamental Principles. | B2, Ch. 3, Pg. 45–58 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 5 | CO1 | COI-2 | The Digital Forensics Process. | B1, Ch. 2, Pg. 41–50 | PPT, Talk | ALM, End Semester Exam, SEM-EXAM1 |
| 6 | CO1 | COI-2 | Types of Evidence, Evidence Collection order | B2, Ch. 3, Pg. 59–70 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 7 | CO1 | COI-3 | Chain of Custody, Data Integrity and Preservation. | B1, Ch. 3, Pg. 71–82 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 8 | CO1 | COI-3 | Attack Attribution. | B3, Ch. 15, Pg. 230–240 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 9 | CO1 | COI-2 | The MITRE ATT&CK Framework, The Cyber Kill Chain. | B2, Ch. 4, Pg. 83–100 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 10 | CO1 | COI-3 | The Diamond Model of intrusion Analysis. | B2, Ch. 4, Pg. 101–110 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 11 | CO1 | COI-2 | Incident Response, NIST Incident Response Life Cycle. | B3, Ch. 16, Pg. 241–260 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 12 | CO1 | COI-3 | Case Study analysis. | B1: Ch. 1 & 2, B2: Ch. 3 & 4, and B3: Ch. 15 & 16 | LTC, Talk | ALM, Case Analysis, SEM-EXAM1 |
| 13 | CO2 | COI-1 | Describing computers, Operating Systems and the nature of digital information. | B1, Ch. 3 | PPT, Talk | SEM-EXAM1 |
| 14 | CO2 | COI-3 | Describing filesystems that contain evidence. | B1, Ch. 2, Pg. 32 and B2, Ch. 5, Pg. 139 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 15 | CO2 | COI-1 | The filesystem category, the filename category The metadata category and Content Category. | B1, Ch. 2, Pg. 32 and B2, Ch. 5, Pg. 139 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 16 | CO2 | COI-2 | Locating evidence in file systems | B1, Ch. 2, Pg. 38 and B2, Ch. 5 | LTC, Talk | End Semester Exam, SEM-EXAM1 |
| 17 | CO2 | COI-1 | Explaining password security, encryption, and hidden files. | B1, Ch. 2, Pg. 48 | PPT, Talk | End Semester Exam, Global Challenges, SEM-EXAM1 |
| 18 | CO2 | COI-1 | Defining digital evidence and its characteristics and The technical complexities of digital evidence. | B1, Ch. 6, Pg. 186–190 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 19 | CO2 | COI-3 | Determining the value and admissibility of digital evidence | B2, Ch. 7, Pg. 171–185 | PPT, Talk | End Semester Exam, SEM-EXAM1 |
| 20 | CO2 | COI-2 | Case study – Linking the evidence to the user and recovering digital evidence through forensic imaging. | B1, Ch. 10, Pg. 371–380 | LTC, PPT, Talk | ALM, Case Analysis, End Semester Exam, SEM-EXAM1 |
| 21 | CO3 | COI-1 | Introduction to Network Monitoring, Network Security Topology. | B3, Ch. 28, Pg. 321–335 | PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 22 | CO3 | COI-2 | Network Monitoring Methods, Network Taps. | B3, Ch. 28, Pg. 336–345 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 23 | CO3 | COI-3 | Traffic mirroring and Switched Port Analyzer (SPAN), Network Protocol Analyzers. | B3, Ch. 28, Pg. 346–360 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 24 | CO3 | COI-2 | Network security monitoring Tools (NetFlow, SIEM, and SOAR). | B3, Ch. 28, Pg. 361–375 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 25 | CO3 | COI-3 | IP Vulnerabilities, ICMP Attacks, Amplification and reflection Attacks | B2, Ch. 9, Pg. 231–245 | LTC, PPT, Talk | End Semester Exam, Global Challenges, SEM-EXAM2 |
| 26 | CO3 | COI-3 | Address Spoofing Attacks, TCP Attack and UDP Attack. | B2, Ch. 9, Pg. 246–255 | LTC, Talk | End Semester Exam, SEM-EXAM2 |
| 27 | CO3 | COI-3 | Defense-in-Depth, Assets, Vulnerabilities, and Threats | B2, Ch. 10, Pg. 256–270 | LTC, Talk | ALM, End Semester Exam, Global Challenges, SEM-EXAM2 |
| 28 | CO3 | COI-2 | The Security Onion and The Security Artichoke. | B2, Ch. 10, Pg. 271–280 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 29 | CO4 | COI-2 | Locating evidence from internet browsing | B1, Ch. 12, Pg. 401–415 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 30 | CO4 | COI-2 | Locating evidence from Messaging systems | B1, Ch. 12, Pg. 416–425 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 31 | CO4 | COI-2 | E-mail analysis and Processing of large e-mail databases | B2, Ch. 11, Pg. 281–295 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 32 | CO4 | COI-3 | Ontologies for Mobile and Embedded Forensics. | B2, Ch. 12, Pg. 296–310 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 33 | CO4 | COI-3 | Ontologies for Mobile and Embedded Forensics. | B2, Ch. 12, Pg. 296–310 | LTC, Talk | End Semester Exam, SEM-EXAM2 |
| 34 | CO4 | COI-2 | The growing challenge of evidence recovery from mobile phones and handheld devices | B2, Ch. 12, Pg. 311–320 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 35 | CO4 | COI-3 | Use case of the growing challenge of evidence recovery from mobile phones and handheld devices. | B1, Ch. 13, Pg. 426–440 | LTC, PPT, Talk | End Semester Exam, SEM-EXAM2 |
| 36 | CO4 | COI-2 | Case study: Mobile phone evidence in a bomb hoax. | B1, Ch. 8, Pg. 283 | LTC, Talk | ALM, Case Analysis, SEM-EXAM2 |
| 37 | CO5 | COI-1 | Case study - Discussion | B1, B2, B3 | PPT, Talk | Case Analysis, End Semester Exam |
| 38 | CO5 | COI-2 | Case study - Analysis | B1, B2, B3 | PPT, Talk | Case Analysis, End Semester Exam |
| 39 | CO5 | COI-3 | Case study - Evaluation | NA | PPT, Talk | Case Analysis, End Semester Exam |

Lecture Session wise Teaching – Learning Plan

SESSION NUMBER : 1

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Handout discussion | 2 | PPT | NOT APPLICABLE |
| 20 | Introduction to Digital Forensics. | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 2

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Locard's Exchange Principle | 3 | PPT | NOT APPLICABLE |
| 20 | Applying Locard's Principle in crime reconstruction | 3 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | PPT | NOT APPLICABLE |

SESSION NUMBER : 3

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Crime scene Investigations | 3 | PPT | NOT APPLICABLE |
| 20 | Evidence Handling in investigation | 3 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 4

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 40 | Digital forensics, its significance and applications. | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 5

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Digital Forensics Process | 2 | PPT | NOT APPLICABLE |
| 20 | Case study discussion. | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 6

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Types of Evidence | 2 | PPT | NOT APPLICABLE |
| 20 | Evidence Collection order | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 7

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Chain of Custody | 2 | PPT | NOT APPLICABLE |
| 20 | Data Integrity and Preservation techniques | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 8

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Attack Attribution | 2 | PPT | NOT APPLICABLE |
| 20 | Case study discussion | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 9

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | The MITRE ATT&CK Framework | 2 | PPT | NOT APPLICABLE |
| 20 | The Cyber Kill Chain | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 10

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | The Diamond Model of intrusion Analysis | 2 | PPT | NOT APPLICABLE |
| 20 | Application of Diamond model in real-world scenarios | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 11

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Incident Response procedure | 2 | PPT | NOT APPLICABLE |
| 20 | NIST Incident Response Life Cycle | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 1 | Talk | NOT APPLICABLE |

SESSION NUMBER : 12

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 40 | Case study analysis | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 13

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 40 | Describing computers, Operating Systems and the nature of digital information related to forensic investigation | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 14

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 40 | Digital evidence using Operating systems and filesystems | 4 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 15

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | The filesystem category and the filename category | 2 | PPT | NOT APPLICABLE |
| 20 | The metadata category and Content Category | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 16

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Locating evidence in file systems | 3 | LTC | NOT APPLICABLE |
| 20 | Locating evidence in file systems | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 17

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 10 | Explaining password security, encryption, and hidden files. | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 18

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Defining digital evidence and its characteristics | 2 | PPT | NOT APPLICABLE |
| 20 | The technical complexities of digital evidence. | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 19

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Admissibility of digital evidence in legal proceedings. 2 | 2 | PPT | NOT APPLICABLE |
| 20 | Admissibility of digital evidence in legal proceedings | 4 | PPT | Group Discussion |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 20

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Forensic imaging methods and evidence linkage | 2 | PPT | NOT APPLICABLE |
| 20 | Use forensic imaging methods to recover the digital evidence and evidence linkage (use a real time or movie related case for discussion) | 3 | LTC | Case Study |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 21

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Introduction to Network Monitoring | 2 | PPT | NOT APPLICABLE |
| 20 | Network Security Topology | 2 | PPT | NOT APPLICABLE |
| 5 | Summary | 1 | Talk | NOT APPLICABLE |

SESSION NUMBER : 22

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Familiarization of Network taps | 2 | PPT | NOT APPLICABLE |
| 20 | Use Network taps for network monitoring in a given scenario. | 3 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 23

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Theory of SPAN and Analyzers | 2 | PPT | NOT APPLICABLE |
| 20 | Network analysis using SPAN | 4 | PPT | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 24

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Familiarization of Network security monitoring Tools (NetFlow, SIEM, and SOAR) | 2 | PPT | NOT APPLICABLE |
| 20 | Compare the usage of Network security monitoring Tools (NetFlow, SIEM, and SOAR) in forensics | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 25

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | IP Vulnerabilities | 2 | PPT | NOT APPLICABLE |
| 20 | ICMP Attacks, Amplification and reflection Attacks. | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 26

No Session Outcomes are mapped



| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 40 | Analysis and evaluation of different network attacks (Address Spoofing, TCP Attack and UDP Attack) | 5 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 27

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Evaluation of defense-in-depth strategies. | 5 | LTC | NOT APPLICABLE |
| 20 | Identification of assets, vulnerabilities, and threats. | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 28

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 40 | Comparison of layered security approaches (Security Onion and the Security Artichoke models) | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 29

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 10 | Locating evidence from internet browsing | 2 | PPT | NOT APPLICABLE |
| 30 | Locating evidence from internet browsing | 3 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 30

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Locating evidence from Messaging systems | 2 | PPT | NOT APPLICABLE |
| 20 | Locating evidence from Messaging systems | 3 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 31

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Locating evidence from emails | 3 | PPT | NOT APPLICABLE |
| 20 | Analyze large email databases using digital forensic tools. | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 32


No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Use of ontologies in mobile and embedded forensics | 3 | PPT | NOT APPLICABLE |
| 20 | Evaluation of ontologies in mobile and embedded forensics | 4 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 33

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Challenges with evidence recovery from mobile and handheld devices. | 4 | LTC | NOT APPLICABLE |
| 20 | Evaluate the challenges with evidence recovery from mobile and handheld devices | 5 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 34

No Session Outcomes are mapped

| Time (min) | Topic | BTL | Teaching-Learning Methods | Active Learning Methods |
|---|---|---|---|---|
| 5 | Attendance | 1 | Talk | NOT APPLICABLE |
| 20 | Recovery techniques for mobile phone evidence and its challenges | 2 | PPT | NOT APPLICABLE |
| 20 | Recovery techniques for mobile phone evidence | 3 | LTC | NOT APPLICABLE |
| 5 | Summary | 2 | Talk | NOT APPLICABLE |

SESSION NUMBER : 35

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
20 Growing challenge of evidence recovery from mobile phones and handheld devices 2 PPT APPLICABLE
---
--- NOT
20 Case study analysis 5 LTC APPLICABLE
---
--- NOT
5 Summary 2 Talk APPLICABLE
---

SESSION NUMBER : 36

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
35 Case study: Mobile phone evidence in a bomb hoax 4 PPT APPLICABLE
---
--- NOT
10 Summary 2 Talk APPLICABLE
---

SESSION NUMBER : 37

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
35 Case study discussion and presentation. 4 PPT Immediate feedback
--- NOT
10 Summary 2 Talk APPLICABLE
---

SESSION NUMBER : 38

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
35 Case study analysis and presentation. 4 PPT Immediate feedback
--- NOT
10 Summary 2 Talk APPLICABLE
---

SESSION NUMBER : 39

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
35 Case study evaluation and discussion 5 PPT APPLICABLE
---
--- NOT
10 Summary 2 Talk APPLICABLE
---

Tutorial Course DELIVERY Plan: NO Delivery Plan Exists

Tutorial Session wise Teaching – Learning Plan

No Session Plans Exist

Practical Course DELIVERY Plan:


Tutorial Session no Topics CO-Mapping

1 Preparing a Virtual Windows Machine and installation of CAINE Operating System CO6

2 Computer Forensics Investigation Process and Recognizing File Systems & Hard Drives CO6

3 Application of Information Gathering and Regeneration, Implementation of Recovering Deleted Files and Partitions. CO6

4 Web Forensics using Open-Source Intelligence CO6

5 Web Forensics (Manual and using tools) CO6

6 Forensics Case Investigation using Autopsy CO6

7 Volatile memory Forensic using AccessData FTK Imager CO6

8 Implementation of Password Crackers (Windows login and other passwords) CO6

9 Implementation of Network Forensics using Wireshark CO6

10 Implementation of Tracking & Investigating Email CO6

11 Firewall and System Security Analysis using SIEM Tools and Splunk CO6

12 Hide and Extract Any Text File Behind an Image File/Audio File CO6

13 Metadata Analysis using Exif Reader Tools CO6

14 Mobile Data Recovery using Dr. Fone. CO6

15 Revision of Forensic Procedures, Report Creation, and Tools CO6

Practical Session wise Teaching – Learning Plan

SESSION NUMBER : 1

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Installation of Virtual Box and CAINE Operating System 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 2

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods

--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 Talk APPLICABLE
---
--- NOT
25 Discussion of Computer Forensics Investigation Process 2 Talk APPLICABLE
---
--- NOT
25 Recognizing File Systems & Hard Drives 3 LTC APPLICABLE
---
--- NOT
20 Evaluation of the experiment 4 LTC APPLICABLE
---

SESSION NUMBER : 3

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Practice using file and disk recovery tool/s 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 4

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Practice Web Forensics using Open-Source Intelligence 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 5

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 Talk APPLICABLE
---
--- NOT
25 Manual web forensics using Operating System and browser features. 3 LTC APPLICABLE
---
--- NOT
25 Expertise Web Forensics using a tool. 3 LTC APPLICABLE
---
--- NOT
20 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 6

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Experience forensics Case Investigation using Autopsy 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 7

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Familiarise with FTK Imager to extract and analyze volatile memory data 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 8

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
30 Implementation of Password Cracker using John-the-Ripper. 3 LTC APPLICABLE
---
--- NOT
20 Implementation of windows login password cracker 3 LTC APPLICABLE
---
--- NOT
20 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 9

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Practice Network Forensics using Wireshark 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 10

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Practice Email Forensics tracing the origin and analyzing headers 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 11

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Demonstrate firewall and security log analysis to detect and report anomalies 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 12

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Demonstrate Steganography encryption and extraction using command prompt and tools. 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 13

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Practice Metadata Analysis using Exif Reader Tools 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 14

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Explanation & Demonstration 2 LTC APPLICABLE
---
--- NOT
40 Practice mobile Data Recovery using Dr. Fone. 3 LTC APPLICABLE
---
--- NOT
30 Evaluation and Viva Voce 4 LTC APPLICABLE
---

SESSION NUMBER : 15

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Revision of Forensic applications and Tools 2 LTC APPLICABLE
---
--- NOT
45 Lab Experiment workbook Evaluation 2 Talk APPLICABLE
---

Skilling Course DELIVERY Plan:


Skilling session no Topics/Experiments CO-Mapping

1 Introduction to various built-in forensic tools of CAINE Operating System CO7

2 Introduction to Forensic online challenges and BLUETEAMLABS registration CO7

3 Image and File discovery using recovery software CO7

4 Browser Artifacts using tools CO7

5 Expertise Open-Source Intelligence (OSINT) CO7

6 Social Engineering using Maltego CO7

7 Memory forensics using volatility CO7

8 Volatile memory Forensic using Belkasoft Live RAM Capturer CO7

9 Windows Registry, Event and Log analysis CO7

10 OS and File Systems Forensics using The Sleuth Kit (TSK) CO7

11 Creation of a mock chain of custody document and evidence collection plan CO7

12 Forensic using Autopsy (Image Acquisition, File System Analysis, and Artifact Extraction) CO7

13 Forensic using Autopsy (Timeline Analysis, Malware analysis, Memory Dump, and Network Traffic analysis) CO7

14 Network Forensics using Security-Onion CO7

15 Firewall and Security Investigation CO7

16 Steganography and steg-analysis CO7

17 File duplication and modification analysis CO7

18 E-mail Analysis and the Processing of Large E-mail Databases CO7

19 Introduction to open-source Mobile Forensic tools (Andriller, OpenBackupExtractor, ALEAPP, etc.) CO7

20 Analysis of Cyber Kill Chain and MITRE ATT&CK Framework CO7

21 Expertise Vulnerability Assessment and Incident Response Planning CO7

22 Creation and Analysis of Forensic Investigation Reports CO7

23 Revision of forensic procedures, report creation, and tools CO7

Skilling Session wise Teaching – Learning Plan

SESSION NUMBER : 1

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
45 Familiarisation of CAINE Operating System and its features 2 LTC APPLICABLE
---
--- NOT
30 Discussion of various forensic tools in CAINE OS 2 Talk APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 2

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
30 Discussion about different Cyber Security and Cyber Forensic online challenges 2 Talk APPLICABLE
---
--- NOT
45 Complete BLUETEAMLABS registration and familiarise the process. 3 LTC APPLICABLE
---
--- NOT
20 Verification of registration 2 LTC APPLICABLE
---

SESSION NUMBER : 3

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods

--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Implement Image and File discovery using recovery software 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 4

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
45 Investigate browser artifacts to uncover browsing history, cookies, and cache using available tools 4 LTC APPLICABLE
---
--- NOT
30 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 5

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Practice Open-Source Intelligence (OSINT) 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 6

No Session Outcomes are mapped


Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Practice Maltego for forensic investigations 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 7

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Perform memory forensics using Volatility to analyze RAM dumps for digital evidence. 4 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 8

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Perform live capture and analysis of RAM with Belkasoft software 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 9

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Investigate the Windows registry and log files to trace user activity and detect anomalies 4 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 10

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Practice forensic analysis of file systems and operating systems using TSK tools 4 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 11

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
40 Prepare a mock chain of custody document to ensure proper handling of digital evidence 3 LTC APPLICABLE
---
--- NOT
35 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 12

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Familiarise Autopsy for disk image acquisition, file system analysis, and artifact extraction in forensic cases 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 13

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Familiarise Autopsy for timeline and malware analysis, including memory dump and network traffic investigation 4 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 14

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Use Security-Onion tool for Network Forensics 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 15

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Investigate Firewall and Security configuration 4 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 16

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
35 Perform steganographic techniques using command line and tools 3 LTC APPLICABLE
---
--- NOT
20 Perform steg-analysis on a given data/image. 4 LTC APPLICABLE
---
--- NOT
20 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 17

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Analysis of file duplication and modification using Hash value 3 LTC APPLICABLE
---
--- NOT
25 Metadata analysis using ExifTool 4 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 18

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Email forensics using email headers, attachments, etc. 4 LTC APPLICABLE
---
--- NOT
30 Forensic analysis of large email databases 3 LTC APPLICABLE
---
--- NOT
20 Results and Discussion 5 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 19

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Mobile forensics using open-source tools 3 LTC APPLICABLE
---

--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 20

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Discussion of Cyber Kill Chain and MITRE ATT&CK Framework 2 PPT APPLICABLE
---
--- NOT
30 Analysis of Cyber Kill Chain and MITRE ATT&CK Framework 4 LTC APPLICABLE
---
--- NOT
20 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 21

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
25 Discussion of Vulnerability Assessment and Incident Response Planning 2 PPT APPLICABLE
---
--- NOT
30 Conduct Vulnerability Assessment and Incident Response Planning 3 LTC APPLICABLE
---
--- NOT
20 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 22

No Session Outcomes are mapped


Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
50 Preparation and Analysis of Forensic Investigation Reports 3 LTC APPLICABLE
---
--- NOT
25 Results and Discussion 4 LTC APPLICABLE
---
--- NOT
20 Viva Voce 2 Talk APPLICABLE
---

SESSION NUMBER : 23

No Session Outcomes are mapped

Teaching- Active
Time(min) Topic BTL Learning Learning
Methods Methods
--- NOT
5 Attendance 1 Talk APPLICABLE
---
--- NOT
30 Discussion of forensic procedures, report creation, and related tools 2 Talk APPLICABLE
---
--- NOT
45 Revision of forensic procedures, report creation, and tools 2 Talk APPLICABLE
---
--- NOT
20 Summary 2 Talk APPLICABLE
---

WEEKLY HOMEWORK ASSIGNMENTS/ PROBLEM SETS/ OPEN-ENDED PROBLEM-SOLVING EXERCISES etc:

Week | Assignment Type | Assignment No | Topic | Details | CO

Week 2 | Problem Sets | 1 | CO1
Topic: Forensic investigation review of a movie.
Details: Review the story of an investigation movie you watched recently and answer the following questions. a) Brief summary of the investigation and its result. b) How Locard’s Principle applies in the investigation and how it helped the investigation. c) Summary of the findings of the investigation, highlighting the digital evidence in it.

Week 4 | Problem Sets | 2 | CO1
Topic: Case study analysis - Evidence collection and Linking
Details: Analyze a real-world case study to understand complex concepts and apply theoretical knowledge of Digital Forensics and evidence collection. A team of 3 members can work on analysis of a real-time case and summarize their findings. (Ensure no cases are repeating.)

Week 7 | Problem Sets | 3 | CO2
Topic: Crime (related) video investigation
Details: Watch the video of crime investigation stories. Suggest possible Cyber Forensics investigation techniques which you think would solve the problem. Write a small justification of your points in 3-4 sentences.

Week 9 | Problem Sets | 4 | CO3
Topic: Cybersecurity vulnerability analysis.
Details: Conduct a comprehensive analysis of three significant cybersecurity vulnerabilities that have impacted major global corporations within the past decade. For each case study, delve into the following aspects: a. Vulnerability Details. b. Impact Assessment. c. Root Cause Analysis. d. Incident Response and Mitigation. e. Lessons Learned and Future Recommendations.

Week 12 | Problem Sets | 5 | CO4
Topic: Case study: Mobile phone evidence in a bomb hoax
Details: Apply digital forensics methodologies to analyze mobile phone evidence in the context of a simulated bomb hoax case and summarize the findings as a report. (Inclusion of evidence acquisition, examination, and reporting, emphasizing forensic soundness, chain of custody, and legal considerations is mandatory in the report).

COURSE TIME TABLE:

Day Component Hour: 1 2 3 4 5 6 7 8 9
Mon Theory H-S1 --- --- --- --- --- --- --- ---
Mon Tutorial -- --- --- --- --- --- --- --- ---
Mon Lab -- --- --- --- --- --- --- --- ---
Mon Skilling -- --- --- --- --- --- --- --- ---
Tue Theory -- -- -- -- -- -- -- -- --
Tue Tutorial -- -- -- -- -- -- -- -- --
Tue Lab -- -- -- -- -- -- -- -- --
Tue Skilling -- -- -- -- -- -- -- -- --
Wed Theory H-S1 H-S1 --- --- --- --- -- -- ---
Wed Tutorial -- -- --- --- --- --- -- -- ---
Wed Lab -- -- --- --- --- --- H-S1 H-S1 ---
Wed Skilling -- -- --- --- --- --- -- -- ---
Thu Theory --- --- --- --- --- --- -- -- ---
Thu Tutorial --- --- --- --- --- --- -- -- ---
Thu Lab --- --- --- --- --- --- H-S1 H-S1 ---
Thu Skilling --- --- --- --- --- --- -- -- ---
Fri Theory --- --- -- -- --- --- --- --- ---
Fri Tutorial --- --- -- -- --- --- --- --- ---
Fri Lab --- --- -- -- --- --- --- --- ---
Fri Skilling --- --- H-S1 H-S1 --- --- --- --- ---
Sat Theory --- --- -- -- --- --- --- --- ---
Sat Tutorial --- --- -- -- --- --- --- --- ---
Sat Lab --- --- -- -- --- --- --- --- ---
Sat Skilling --- --- H-S1 H-S1 --- --- --- --- ---
Sun Theory -- -- -- -- -- -- -- -- --
Sun Tutorial -- -- -- -- -- -- -- -- --
Sun Lab -- -- -- -- -- -- -- -- --
Sun Skilling -- -- -- -- -- -- -- -- --

REMEDIAL CLASSES:

Supplement course handout, which may perhaps include special lectures and discussions that would be planned,
and schedule notified accordingly.

SELF-LEARNING:

Assignments to promote self-learning, survey of contents from multiple sources.


S.no Topics CO ALM References/MOOCS

DELIVERY DETAILS OF CONTENT BEYOND SYLLABUS:

Content beyond syllabus covered (if any) should be delivered to all students that would be planned, and
schedule notified accordingly.
S.no Advanced Topics, Additional Reading, Research papers and any CO ALM References/MOOCS

EVALUATION PLAN:

Evaluation Type | Evaluation Component | Weightage/Marks | Assessment Dates | Duration (Hours) | CO1 CO2 CO3 CO4 CO5 CO6 CO7

End Semester Summative Evaluation Total= 40 %
Skill Sem-End Exam | Duration 100 | Weightage 10 10 | Max Marks 50 50
Lab End Semester Exam | Duration 100 | Weightage 10 10 | Max Marks 50 50
End Semester Exam | Duration 180 | Weightage 20 4 4 4 4 4 | Max Marks 100 20 20 20 20 20

In Semester Formative Evaluation Total= 30 %
Case Analysis | Duration 60 | Weightage 10 10 | Max Marks 50 50
Global Challenges | Duration 100 | Weightage 5 2.5 2.5 | Max Marks 50 25 25
Skilling Continuous Evaluation | Duration 100 | Weightage 5 5 | Max Marks 50 50
Continuous Evaluation - Lab Exercise | Duration 100 | Weightage 5 5 | Max Marks 50 50
ALM | Duration 60 | Weightage 5 1 1 1 1 1 | Max Marks 50 10 10 10 10 10

In Semester Summative Evaluation Total= 30 %
Skill In-Sem Exam | Duration 100 | Weightage 6 6 | Max Marks 50 50
Lab In Semester Exam | Duration 100 | Weightage 6 6 | Max Marks 50 50
Semester in Exam-II | Duration 90 | Weightage 9 4.5 4.5 | Max Marks 50 25 25
Semester in Exam-I | Duration 90 | Weightage 9 4.5 4.5 | Max Marks 50 25 25

ATTENDANCE POLICY:

Every student is expected to be responsible for regularity of his/her attendance in class rooms and laboratories,
to appear in scheduled tests and examinations and fulfill all other tasks assigned to him/her in every course.
In every course, a student has to maintain a minimum of 85% attendance to be eligible for appearing in the Semester
end examination of the course. For cases of medical issues and other unavoidable circumstances, students
will be condoned if their attendance is between 75% and 85% in every course, subject to submission of medical
certificates, medical case file and other needful documentary proof to the concerned departments.

DETENTION POLICY :

In any course, a student has to maintain a minimum of 85% attendance and In-Semester Examinations to be
eligible for appearing to the Semester End Examination, failing to fulfill these conditions will deem such
student to have been detained in that course.

PLAGIARISM POLICY :

Supplement course handout, which may perhaps include special lectures and discussions

COURSE TEAM MEMBERS, CHAMBER CONSULTATION HOURS AND CHAMBER VENUE DETAILS:

Supplement course handout, which may perhaps include special lectures and discussions
Name of Faculty | Delivery Component of Faculty | Sections of Faculty | Chamber Consultation Day (s) | Chamber Consultation Timings for each day | Chamber Consultation Room No: | Signature of Course faculty:
Savadam Balaji | L | 1-MA | - | - | - | -
Savadam Balaji | P | 1-MA | - | - | - | -
Savadam Balaji | S | 1-MA | - | - | - | -

GENERAL INSTRUCTIONS

Students should come prepared for classes and carry the text book(s) or material(s) as prescribed by the Course
Faculty to the class.

NOTICES

Most of the notices are available on the LMS platform.

All notices will be communicated through the institution email.

All notices concerning the course will be displayed on the respective Notice Boards.

Signature of COURSE COORDINATOR

(Savadam Balaji)

Signature of Department Prof. Incharge Academics & Vetting Team Member

Department Of CSE-Honors

HEAD OF DEPARTMENT:

Approval from: DEAN-ACADEMICS


(Sign with Office Seal)