Syllabus for Comp 399 Digital Forensics and Pen Testing

Instructor: Dr. John F. Santore
Phone: 508-531-2226
Office: Conant 330

Instructor Web Page:
Course Web Page:

Office Hours for Spring 2014:
Mon 10:00-11:00am, 5:30-5:50pm
Tues: 5-5:50pm
Wed: 3:15-4:15pm
Fri: 10-11am
or by appointment

I will take appointments if you cannot make my other office hours; however, I generally have meetings and work prepared for a day or two ahead, so plan on about 48 hours from the time I get your request to us being able to meet.

Course Description:

This course will introduce students to the practice of digital forensics for the first half of the course. In the second half of the course we will work on some penetration testing to try to find weak spots.

Course Outcomes:

    After taking this course the student should be able to:

  1. Understand the basic techniques used in digital forensics.
  2. Find some of the easier-to-retrieve digital forensics information in hands-on exercises.
  3. Report results of a digital forensics investigation in a clear and concise manner.
  4. Understand the basics of penetration testing (hacking).
  5. Write clearly and concisely about information security issues.


Violent Python by TJ O'Connor
Digital Forensics with Open Source Tools by Altheide & Carvey

Class Requirements and grading:

Projects: 50%
Exams: 40%
Everything else (quizzes, participation, homework etc): 10%

Project work:

Since you can't *really* understand digital forensics, or other important computer science concepts without working and practicing with them by , there will be several projects in this class.

There will be a number of projects in this course. Projects are to be turned in on time. Late projects will be penalized 50% for each day that they are late (i.e., if you turn it in the day after it is due, your best possible score is 50%; a second day late will receive 25% credit for a perfect lab). It is therefore almost always best to submit whatever you have on time.


There will be two exams, a midterm and a final exam. The midterm will be worth 20% of your final grade. The final will be worth 20% of your final grade. Exams will be given at their assigned times. If you have a legitimate reason for missing an exam, see your instructor before the scheduled exam time to arrange for reasonable accommodation. If you miss the exam without prior approval, you will forfeit the exam (emergency room visits and the like excepted, of course).

The midterm exam is scheduled on March 5th.

The final exam will be scheduled by the college.

Exams are your major in-class, completely on-your-own evaluation of your progress.

Students with special needs:

Anyone who has special needs should contact me in the first week of classes so that reasonable accommodations can be agreed on.

Academic Integrity:

See  for a complete description of the academic integrity procedure at Bridgewater.

Academic integrity will be taken very seriously in this class. All individual work must be your own. If you cheat or otherwise represent the work of others as your own, you will receive an F for the course.

Guidelines for proper academic integrity:

Discussing problems with your classmates can help you understand the problems and kinds of solutions to those problems that you will learn about in this class. In an effort to make it clear what sort of discussions are appropriate and encouraged in this class and which cross the line to academic dishonesty, I use the following guidelines: You may discuss any out-of-class problem I assign in this class with your classmates or others so long as no one is using any sort of recording implement including, but not limited to, computers, PDAs, pens, pencils, phones, etc. This lets you talk about theoretical solutions without sharing the actual implementations. As soon as anyone in the group is typing, writing, etc., all conversations must stop. You may look at someone else's program code only very briefly in order to spot a simple syntax error. As a rule of thumb, if you find yourself looking at someone else's code for more than about 30-45 seconds, it is probably time to stop. If you are having trouble with your program, come to the instructor's office hours for more help.

All in-class exams and quizzes are closed book and closed neighbor. If you are found using a data storage device of any kind during one of these evaluations, you will be failed for the course.

Standards for in-class behavior:

You are all adults and are expected to act as adults in this class. While questions are encouraged in this class, if a particular line of questioning is taking us too far afield, I will ask the student to come by my office hours or to see me after class.

Cell phones, pagers, electronic organizers and other devices should be silenced while in class. If you work for EMS or something similar, please turn your cell phones, pagers, etc. to vibrate mode so that you are not disrupting others in the class.

In the unlikely case of troublemakers in the class, those who are simply attempting to disrupt the class will be asked to stop; those who will not will be referred to the college for appropriate action.

I do not take regular attendance. Because of the census day regulations, I'll have to take occasional attendance. You are adults and are paying for this class. If you miss a class, you are expected to get notes from a classmate and familiarize yourself with the material that was covered before returning to class. I do find from dealing with students in the past that attendance at lecture is highly correlated with doing well in my classes.

Tentative Schedule:

Week      Topic                                                      Assignment
Week 1    Intro
Week 2    Technical concepts
Week 3    Evidence collection
Week 4    Windows artifacts that lead to evidence to collect
Week 5    Mac and Linux artifacts
Week 6    Data destruction and anti-forensics
Week 7    Network forensics
Week 8    Review and Midterm
Week 9    Mobile forensics
Week 10   Intro to penetration testing
Week 11   Reconnaissance and scanning
Week 12   Exploitation
Week 13   Web-based exploitation
Week 14   Backdoors and rootkits
Week 15   Review