Computer Crime & Forensics

Professors Michael Battig, Mich Kabay and Huw Read; Associate Professors Matthew Bovee, Jeremy Hansen, and Charles Snow; Assistant Professor Ahmed Abdeen Hamed; Lecturer Kris Rowley.

Cybercrime is a pervasive threat and the organizational demand for individuals capable of providing collaboration and support in dealing with this threat continues to grow. To prepare students from a variety of disciplines with the foundational study for this demand, the Computer Crime and Forensics minor provides a background in criminal justice and digital forensics, as well as computer science, computer programming, and information assurance. Students wishing to pursue the minor must obtain the approval of the School Director and complete each of the required courses with a grade of C or higher.

Goals:

To develop in students:

  • An understanding and appreciation of the fundamentals of computer science, cybersecurity, and information assurance;
  • Knowledge and basic facility with a high-level programming language;
  • A foundation of understanding and skills in digital forensics and cyber-investigation;
  • The foundation for practical work and further study in information assurance, cyberlaw, and digital forensics;
  • Understanding of the constraints, legal procedures, and multi-jurisdictional nature and scope, of digital incidents and the responses to them; and,
  • The ability to identify, think critically, analyze, and solve, cybercrime and cyberlaw problems.

Outcomes: 

Upon graduation successful students will competently demonstrate:

  • Use of the fundamental concepts and terminology regarding computers, computer security, and information assurance;
  • Application of the essential cybercrime and digital forensic concepts, techniques and procedures;
  • Ability to recognize, define, and use, the technical terminology of information assurance (IA);
  • Application of the fundamentals of information assurance in both personal and organizational contexts;
  • A breadth of knowledge and the ability to apply it regarding cyberlaw and cybercrime, including: identifying and classifying cybercrimes; the motivations of cybercriminals; seizure and handling of digital evidence; admissibility of digital incident evidence; preparing and delivering professional testimony; and, the key regulations and laws regarding cybercrimes of varying types and jurisdictions; and,
  • High ethical, personal and professional standards, especially in regards to information assurance and its impact on individuals, organizations, and society.

Careers for this Minor:

Computers and mobile phones are now common tools used in the commission of ordinary crime, and the frequency, magnitude, and scope, of cybercrimes have increased dramatically. The Computer Crime & Forensics minor prepares students with the following career paths to better deal with them:

  • Attorneys
  • Crime Analysts
  • Federal, state and local law enforcement
  • Federal intelligence agents
  • Private security personnel
  • Probation and parole officers

Computer Crime and Forensics Minor 2020-2021 Catalog

Students seeking a minor in Computer Crime and Forensics must obtain the approval of the School Director and complete all of the six courses listed below, each with a grade of C or higher. Please also refer to the course descriptions for any prerequisites.

CJ 301Criminal Procedure3
CJ 423Evidence3
CS 140Programming and Computing4
DF 395Cyber Criminalistics3
IA 241Cyberlaw and Cybercrime3
IA 340Introduction to Information Assurance3
Total Cr.19

Computer Science Courses

CS 100 Foundations of Computer Science and Information Assurance 3 Cr.

This survey of computing and information assurance fundamentals is required for computer science and information assurance majors. The course focuses on learning to use key concepts and terminology in information technology, computer science, networking, and information security. Discussions regarding computing ethics, safety, and professionalism are included throughout. 3 Lecture hours. Prerequisites: Open to Computer Science or Computer Security & Information Assurance majors; others by permission. Offered: Fall, Spring.

CS 111 Personal & Professional Cyber Safety 1 Cr.

An introductory, self-paced, instructor-facilitated, online individual study course recommended for freshmen, or any student wanting to use computers, email, and social media safely. Topics include: information attributes to be protected by information security; reducing identity theft risk; preventing disasters by keeping adequate backups; preventing malware attacks; enabling firewalls; using strong authentication; resisting phishing and advance-fee frauds; rejecting telephone frauds; analyzing and resisting false rumors; using email effectively and professionally; avoiding embarrassment by controlling information-sharing; avoiding violations of anti-hacking and anti-piracy laws; and, avoiding accidental plagiarism. 1 Lecture hour. Offered: Fall, Spring.

CS 120 Business Applications & Problem Solving Techniques 3 Cr.

An introductory course in management information processing. The course explores the most important aspects of information systems with specific emphasis on business applications, practical usage, and current information. The student will obtain skills in word processing, spreadsheet analysis, and presentation tools using professional software packages. Structured problem-solving techniques will be emphasized throughout the course. Practical implementation projects and case studies will be used to reinforce topics such as computer, academic, and professional ethics for an information-based society. Prerequisite: Closed to Computer Science or Computer Security & Information Assurance majors. Offered: Fall, Spring.

CS 140 Programming and Computing 4 Cr.

An introduction to computing concepts and programming including the design and implementation of classes and complex data types. The course uses a high-level object-oriented language and emphasizes object-oriented design and implementation techniques. Good software engineering practice and language-specific concepts are introduced by means of programming projects that illustrate the importance of software quality attributes. This course serves as the basis for more advanced programming classes. 3 Lecture hours and 2 Lab hours. Prerequisite: CS 100 and CS 142, Grade of C or higher or instructor permission. Offered: Fall, Spring.

CS 142 Introduction to Python Programming 3 Cr.

A first course in fundamental computing concepts and object oriented programming using Python applied to problem solving. Designed for students with no programming background. Students learn object oriented programming concepts and syntax, variables and data types, input and output, control of the flow of logic, use of different data sources and structures, functions, modules and exception handling. Examples are drawn from diverse areas. 3 Lecture hours. Offered: Fall, Spring.

CS 188 No Norwich Equivalent 6 Cr.

CS 1XX Computer Science Elective 1-6 Cr.

This course is used for transfer when no equivalent Norwich course exists.

CS 212 Assembly Language & Reverse Engineering 3 Cr.

An introduction to assembly language and reverse engineering, including relationship among machine language, assemblers, disassemblers, compilers, and interpreters. This courses provides requisite skills for computer forensics, malware analysis, and cryptology. 3 lecture hours. Prerequisites: Grade of C or higher in CS 140. (Spring).

CS 221 GUI Programming 3 Cr.

A study of the design and implementation of the graphical user interface. The course will present fundamentals of usability and human factors in GUI design. One or more of the following will be studied and implemented in a student project: Visual Basic programming, Web programming, GUI code generators. Prerequisite: Grade of C or higher in CS 140. (Occasionally).

CS 228 Introduction to Data Structures 3 Cr.

An introduction to the basic concepts of algorithm analysis, data representation, and the techniques used to operate on the data. Topics include searching, sorting, linked lists, stacks, queues, trees, hash tables, graphs. 3 lecture hours. Prerequisite: C or higher in CS 140. (Fall).

CS 240 Database Management 3 Cr.

A study of the concepts and structures necessary to design and implement a database management system. Various data models will be examined and related to specific examples of database management systems including Structured Query Language (SQL). Techniques of system design, system implementation, data security, performance, and usability will be examined. 3 lecture hours. Prerequisite: Grade of C or higher in CS 140. (Spring).

CS 250 Virtual Systems Administration 3 Cr.

This course includes a combination of classroom lecture on network and virtualization theory as well as a variety of hands on exercises to provide students with an understanding of how to configure and manage a VMware ESX environment. Students will also learn how to carry out administration tasks specific to the day-to-day operations of the NUCAC-DF. Some of these tasks will include how to build and maintain classroom environments, understanding requirements given by professors and instructors for classrooms, and overall maintenance of the systems in the Center for Advanced Computing and Digital Forensics. 3 lecture hours. Prerequisite: instructor permission. (Occasionally).

CS 260 Data Communications and Networks 3 Cr.

An introductory study in fundamental concepts of computer networks and data communication including a survey of major protocols, standards, and architectures. Students use concepts and terminology of data communications effectively in describing how software applications and network services communicate with one another. Students read and analyze network traces to monitor communications, diagnose issues, and evaluate protocols. 3 lecture hours. Prerequisite: C or higher in CS 140. (Spring).

CS 270 Operating Systems & Parallelism 3 Cr.

An introduction to the theory and structure of modern operating systems, including hardware abstraction, process management, memory management, system performance, and security. Specific attention to multi-threaded processing, semaphores, locking and interprocess communication. 3 lecture hours. Prerequisites: C or higher in CS 140. (Spring) 202140.

CS 280 Introduction to Data Science 3 Cr.

Students learn data science foundations of data collection, manipulation, formulation, summarization, visualization and analytics by applying and mastering the use of data containers (e.g."data frames") to problems or questions of focal interest. 3 Lecture hours. Prerequisite: CS 142 or instructor permission. Offered: Fall, Spring.

CS 288 No Norwich Equivalent 6 Cr.

CS 290 Contemporary Data Visualization 3 Cr.

Students study and apply exploratory analysis and visual representation of data using contemporary software tools, algorithms and large data sets. Students discover, display and convey meaningful data relationships that target audiences may readily and correctly understand and use. 3 Lecture hours. Prerequisite: CS 142 or instructor permission. Offered: Fall.

CS 299 Pilot Course 3 Cr.

CS 2XX Computer Science Elective 6 Cr.

This course is used for transfer when no equivalent for a Norwich course exists.

CS 300 Management Information Systems 3 Cr.

This course provides an overview of information systems, their role in organizations, and the relationship of information systems to the objectives and structure of an organization. Management of software projects, decision making with regard to systems development, and organizational roles with regard to information systems is also discussed. Prerequisite: not open to Computer Science or Computer Security & Information Assurance majors. (Fall, Spring).

CS 301 Software Engineering 3 Cr.

An in-depth introduction to the software development life cycle, the techniques of information analysis, testing, and the logical specification of software. Particular attention to project management, documentation, and interpersonal communication. Utilizing industry-standard methods, the student progresses through the phases of specification, design, implementation, and testing of information systems. Object-oriented design techniques are used to design new logical and new physical systems for business-related problems. 3 lecture hours. Prerequisite: Grade of C or higher in CS 140.

CS 305 Advanced Data Science 3 Cr.

Students learn and apply advanced data science concepts and methods to a research topic of their interest chosen in consultation with the instructor. 3 Lecture hours. Restriction: Junior or higher or instructor permission. Prerequisite: CS 280 and EN 201 or instructor permission. Offered: Fall, Spring.

CS 315 Intro to Data & Web Mining 3 Cr.

Students learn and apply fundamentals of Data and Web-mining such as classification, clustering, association-rule mining and pattern mining through hands-on exploration of Web resources and other large sets of structured and unstructured data. Students examine and use a variety of broadly applicable, practical techniques to discover and extract meaningful patterns from both example data sets and real world data sources of particular interest to their academic and professional interests. 3 Lecture hours. Prerequisite: CS 280 or instructor permission. Offered: Fall.

CS 323 Surveillance and Privacy in Germany 3 Cr.

An introduction to and comparison between legal, social, historical, political, and technical issues surrounding surveillance and privacy in Germany and the United States. In addition to surveillance and privacy, students research, analyze, and discuss issues of transparency, free speech, democratic dissent, social control, corporate and governmental power, and political parties. 3 lecture hours. Prerequisite: Grade of C or higher in CS 100. (Summer).

CS 330 Ethics in Computing and Technology 3 Cr.

The course examines ethical dilemmas resulting from current technological trends, as well as the ethical standards and creeds of a variety of organizations (e.g., Association for Computing Machinery). Students learn to evaluate case studies from an ethical perspective. Students are expected to conduct literature surveys, produce bibliographies, write literature reviews, and present oral summaries of research as well as offer critical evaluation of writings related to ethics and technology. (Occasionally).

CS 388 No Norwich Equivalent 6 Cr.

CS 399 Pilot course 3 Cr.

A course is permitted to run as a pilot, without seeking faculty approval for one academic year. The section will include the title of the course. A student will not earn credit for a pilot course and the course when approved as its own course.

CS 3XX Computer Science Elective 6 Cr.

This course is used for transfer when no equivalent Norwich course exists.

CS 406 Special Topics in Computer Science 1-4 Cr.

A study of topics chosen from areas of current interest that are not offered as part of the permanent curriculum. Topics are chosen by instructors on a semester-by semester basis. Students may take the course more than once provided each semester taken covers a substantively different topic. 3 Lecture hours. Prerequisite: Instructor permission. (Occasionally).

CS 407 Politics of Cyberspace 3 Cr.

This course explores the interrelations of modern computing and communications technology with politics, power, news, privacy, crime, and creativity. The course assumes only a rudimentary familiarity with the basic concepts and terminology of modern Internet usage and computing and is not a technology-focused course. Prerequisite: Sophomore 2 status or higher. (Fall, Spring).

CS 410 Computing Internship 1-6 Cr.

Written academic products are required. A supervisor within the sponsoring organization must provide a written description of the internship beforehand, and a final performance evaluation of the student. Students may take the course more than once, up to a maximum of 18 hours earned credit, provided each semester taken covers a substantively different topic. Earned internship credit may be applied to not more than two required CS/CSIA major technical/concentration electives. Prerequisites: Junior status or higher; good academic standing; faculty approval and CS/CSIA Chair or Director approval. (Fall, Spring).

CS 420 Computer Science capstone I 3 Cr.

A two-semester course sequence normally taken in the Senior year. Based on the subject matter mastered during their previous coursework, students (individually or in a group) identify a current topic to study in depth. As part of their studies, they develop either a working software project or produce a substantial data or hardware artifact. This course represents the first semester of a students work towards such a project. Prerequisites: Junior status or higher; Computer Science major. (Fall).

CS 421 Computer Science capstone II 3 Cr.

As the second semester of the two-course capstone sequence, this course serves as a continuation of CS 420. Prerequisite: CS 420. (Spring).

CS 430 Computer Science Undergraduate Thesis I 3 Cr.

The computer science undergraduate thesis is a two-semester course sequence normally taken in the Senior year. The course introduces students to the breadth of tasks involved in independent research, including library work, problem formulation, experimentation, and writing and speaking. Based on the subject matter mastered during previous coursework, students (individually or in a group) identify a current topic to study in depth. Students produce an original research paper. This course represents the first semester of a student’s work towards such a project. Prerequisites: Junior standing or higher, Computer Science major. (Fall) 202140.

CS 431 Computer Science Undergraduate Thesis II 3 Cr.

The second semester of the two-course thesis sequence. Prerequisite: CS 430. (Spring).

CS 437 Machine Learning & Artificial Intelligence 3 Cr.

Students learn and apply fundamental concepts of machine learning and artificial intelligence through reading and synthesizing current research, hands-on application of artificial neural networks, construction of applications using machine and deep learning algorithms and contrasting current methods with significant, relevant alternatives. Students apply artificial intelligence paradigms such as expert system shells to approach practical, complex problems of particular relevance to their areas of study. Example areas include image and video analysis and classification, medical diagnosis and disease response, cybersecurity, drug discovery, dosage and content management in social media. 3 Lecture hours. Restriction: Junior or higher. Prerequisite: CS 315 and MA 306 or instructor permission. Offered: Spring.

CS 488 No Norwich Equivalent 6 Cr.

CS 4XX Computer Science Elective 4 Cr.

This course is used for transfer when no equivalent for a Norwich course exists.

Digital Forensics Courses

DF 188 No Norwich Equivalent 6 Cr.

DF 242 Computer Forensics I 4 Cr.

This course provides the student with an ability to perform basic forensic techniques and use appropriate media analysis software. Knowledge of the security, structure and protocols of network operating systems and devices are covered as students learn to gather evidence in a networked environment and to image and restore evidence properly without destroying its value. Students learn and practice gaining evidence from a computer system while maintaining its integrity and a solid chain of custody. Within the laboratory, students gain hands-on experience in the use of current investigative tools. Classroom 3 hours, laboratory 2 hours. Cross-listed as CJ 442. Prerequisites: CJ 341 or IA 241; grade of C or higher in CS 140. (Fall, Spring).

DF 288 No Norwich Equivalent 6 Cr.

DF 299 Pilot Course 3 Cr.

DF 311 Network Forensics 3 Cr.

Introduces digital forensic concepts and practices on local area networks, wide area networks and large scale networks such as the Internet. Lectures include topics based on table of contents in (Davidoff and Ham 2012) such as investigative techniques, and how to conduct an investigation, manage evidence and follow a cyber-trail. A large part of the course involves demonstrations and hands-on labs, including: use of network forensic tools such as packet monitors, security information and event managers (SIEMs), tracers, and other tools useful for analyzing events. Many of the labs involve analysis of packet captures of both actual attacks and theoretical malfeasance by offenders. Students have a final lab exercise instead of a final exam and are expected to research and present a final project. Prerequisite: CS 260. (Fall).

DF 312 Malware Forensics 3 Cr.

This predominantly laboratory-based course is an introduction to malware forensics including both static and dynamic analysis. Students study profiling, malware behavior, behavior of malware on computer networks, anti-reversing and anti-debugging techniques, and packers. Prerequisites: CS 212, DF 242. (Spring).

DF 388 No Norwich Equivalent 6 Cr.

DF 395 Cyber Criminalistics 3 Cr.

This survey course uses lecture, case studies and hands-on lab exercises in digital investigation and cyber forensics to introduce students to the investigation and analysis of cybercrime and cyber criminals. Topics include: cybercrime typology, cyber-criminal profiling, network tracking, introduction to the tools of the cyber- criminalist, techniques of cybercrime scene assessment, digital evidence management and analyzing the forensic remnants of a cyber event. During the course of the laboratory exercises, students create a personal lab notebook recording their lab exercises and manage evidence including maintaining a proper chain of custody. Prerequisites: Criminal Justice major at Sophomore 2 standing or higher. (Fall, Spring).

DF 411 Cyber Investigation 3 Cr.

An introduction to cyber investigation, including elements of cybercrime, cyberwarfare and cyberterrorism. The course examines investigative techniques for cyber-investigators, case studies of representative cybercrimes and cyber warfare incidents, some cyber investigation tools and expert witnessing. The course builds up to a mock trial where students act as a cyber-investigation task force on an actual case of cybercrime. This is a course that incorporates extensive reading as well as hands-on lab exercises. Prerequisites: DF 242; Computer Science or Computer Security & Information Assurance major at Sophomore 2 standing or higher. (Fall) 202140.

DF 425 Advanced Digital Forensics 3 Cr.

Students combine concepts learned through prerequisite digital forensics classes and apply that knowledge to new and emerging technological threats and challenges. Content is taught via lecture, and extensive hands-on and research-based application of knowledge to recover and analyze evidence from a range of disparate devices and contexts including: mobile phones analysis and tools; anti-forensic techniques; Internet of Things (IoT) sources; Cloud/online based sources; and, embedded systems and devices. Particular reference will be made throughout the class to existing relevant legal and ethical frameworks. 3 lecture hours. Prerequisites: DF 242, DF 311. (Spring).

DF 488 No Norwich Equivalent 6 Cr.

DF 4XX Advanced Forensics 3 Cr.

This course is used for transfer when no equivalent Norwich course exists.

Information Assurance Courses

IA 188 No Norwich Equivalent 6 Cr.

IA 241 Cyberlaw and Cybercrime 3 Cr.

This course includes extensive discussion of the legal constraints, both civil and criminal, that underlie acceptable behavior using computers and networks today. 3 lecture hours. Cross-listed with CJ 341; not permitted to earn credit for both IA 241 and CJ 341. Prerequisite: Freshmen 2 status or higher. (Fall).

IA 288 No Norwich Equivalent 6 Cr.

IA 340 Introduction to Information Assurance 3 Cr.

This course introduces the foundations of information assurance, with focus on concepts and terminology used in describing, analyzing, and implementing information security. Topics include the history and mission of information assurance, history of computer crime, modern and historical cryptology, information warfare, penetrating computer systems and networks, malware, social engineering, spam, phishing, physical and facilities security, network security, identification and authentication, securing stored data, data backups and archives, patch management, and protecting digital rights. 3 lecture hours. Prerequisite: CS 140 with grade of C or higher. (Fall).

IA 342 Management of Information Assurance 3 Cr.

This course focuses on management of the information assurance process. Topics include human factors in reducing security breaches, security incident detection and response, remediation, management's role in information assurance, and other considerations in framing and implementing information assurance policies. The final section reviews current topics of particular interest and activity in the field of information assurance. 3 lecture hours. Prerequisite: CS 140 with a grade of C or higher. (Spring).

IA 360 Network Security 3 Cr.

This course focuses on the concepts, terminology and practice of network security. Topics include the fundamental goals of network security and practical applications of wired and wireless network security techniques such as applications of cryptology in network protocols, authentication, access control, network security devices such as firewalls and intrusion detection and prevention systems, incident response, log analysis, honeypots and honeynets. 3 lecure hours. Prerequisite: CS 260. (Spring).

IA 388 No Norwich Equivalent 6 Cr.

IA 455 Contemporary Issues in Information Assurance 3 Cr.

A capstone seminar for Computer Security and Information Assurance majors which will vary every term in accordance with the current issues of the time. Students work with the instructor as they explore today's issues and trends in preparation of a thesis or project. Emphasis is placed on critical thinking, research and evaluation of current issues. A comprehensive computer security exam is included in this course. 3 lecture hours. Prerequisites: IA 340, IA 342; Computer Security & Information Assurance majors; Junior 2 status or higher. (Fall).

IA 456 Cyber Defense Practicum 3 Cr.

This course provides practical application of the concepts learned over the course of the CSIA program. This is the technical capstone for the program and is a required course. The class is divided into three teams. Each team rotates through red (attack), blue (defend) and white (monitor/analyze) cells over the semester. Network attack analysis, intrusion detection systems and the use of network forensics in attaché analysis and defense are covered. Several open source and commercial tools during the class are used. Scenarios on a variation of the virtual network are ran. Blue teams harden the devices on the network to resist attack and are scored on how successful they are. Red teams develop a suite of attacks that allow completion of the scenario and are scored on the completeness of attack preparations. White teams analyze the red attacks and the blue responses and present analysis to the class at the close of the exercise. The scenario changes slightly for the iterations presented. 3 lab hours. Prerequisites: IA 340, and IA 360 or DF 311. (Spring) 202140.

IA 488 No Norwich Equivalent 6 Cr.

Information Systems Courses