IS 392 Information Systems Forensics Internals - Auditing
Examines the tools and techniques used in the recovery of information-systems-generated artifacts used to aid forensic evidence collection and timeline corroboration. The operating system is a key source of evidence where students will examine system policies, auditing techniques, authentication methods, and event and system logging techniques for the family of Windows and Mac operating systems. Students will review documented prosecutions and investigations where operating system artifact recovery led to a successful resolution.
Prerequisite(s): IS 231 Network Technologies.