Cyber Up! Digital Forensics and Incident Response Project

The primary objective of the grant is to develop six (6) courses leading to an Associate of Science degree specializing in Digital Forensics and Incident Response.

To achieve the primary objective, the project intends to research similar projects and programs in order to adapt and adopt from their models. The project team will also confer with professionals working in industry and government roles to ensure that the course content meets industry needs.

Similar projects and programs include Union County College’s Cyber Service! Interdisciplinary & Experiential Education for Cyber Forensics Technicians, Daytona State College’s Southeastern Advanced Cybersecurity Education Consortium, and Ivy Tech Community College’s Adaptation and Implementation of a Cybersecurity and Cyberforensics Curriculum in a Two-Year Community College. These projects and programs will be reviewed for strengths and opportunities to adapt and adopt for the new DFIR program at Coastline College.

Cybersecurity frameworks and models will be used to ensure a variety of input is considered. Three models have been selected for review and mapping to develop the DFIR program: the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (CSWF), CyberSeek, and SANS Institute. The knowledge, skills, abilities, and tasks of the NICE CSWF for work roles in Cyber Defense Incident Responder and Cyber Defense Forensics Analyst were selected to align with the work roles targeted for the DFIR program. The pathways for work roles of Cyber Crime Analyst Investigator and Incident Analyst Responder were selected for review from CyberSeek. Lastly, the SANS Institute GIAC Certifications for Forensic Examiner and Incident Handler were reviewed.

An advisory board comprised of professionals with a broad range of work experience in digital forensics and incident response will provide strategic advice to Coastline College faculty for the development of curriculum for the DFIR program. 

Cyber Up! Project Goals

  • Research other similar projects and programs to adapt and adopt from their models.
  • Research industry and government needs to find relevant cybersecurity workforce frameworks and industry-recognized certifications.
  • Assemble an advisory board of subject matter experts currently working in government, industry, and academia.
  • Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
  • Develop course outlines of record for a series of 6 courses in digital forensics and incident response.
  • Develop a Certificate of Achievement in Digital Forensics and Incident Response.
  • Develop an Associate of Science degree in Digital Forensics and Incident Response.
  • Develop model course content and hands-on lab assignments for DFIR program courses.
  • Disseminate project updates to the cybersecurity community.
  • Disseminate model course content to other interested colleges and universities to adapt and adopt for their institution.

Cyber Up! Proposed Courses and Awards

Principal Investigator

Professor Tobi West, CISSP, GCFE

CIS/CST/DGA Department Chair

714-714-7244

twest@coastline.edu

12901 Euclid St

Garden Grove, CA 92840

Award Name

Description

Associate of Science in Digital Forensics and Incident Response

The Associate of Science in Digital Forensics and Incident Response will provide students with a solid foundation in the field of cybersecurity with specialization in cyber defense techniques. The program is designed to prepare students for entry-level cyber jobs or to help them advance into mid-level cyber careers, such as cybercrime analyst, cyber incident analyst, cyber incident responder, digital forensic examiner, digital forensic technician, and vulnerability tester. Topics covered include planning and scoping a cyber incident, domestic and international cyber laws, ethics, chain of custody, incident detection and analysis, anti-forensic techniques, timeline analysis, incident containment, eradication, recovery, report preparation, and expert testimony. The program includes hands-on and technical writing assignments to help students develop their skills for the cybersecurity workforce.

CYBR C150 OR CST C245 Intro to Digital Forensics

CYBR C160 Intro to Incident Response

CYBR C170 Cybercrime and CSIRT Coordination

CYBR C250 Intermediate Digital Forensics

CYBR C260 Intermediate Incident Response

CYBR C280 Advanced DFIR Capstone 

Certificate of Achievement in Digital Forensics and Incident Response

The Certificate of Achievement in Digital Forensics and Incident Response will provide students with a solid foundation in the field of cybersecurity with specialization in cyber defense techniques. The program is designed to prepare students for entry-level cyber jobs or to help them advance into mid-level cyber careers, such as cybercrime analyst, cyber incident analyst, cyber incident responder, digital forensic examiner, digital forensic technician, and vulnerability tester. Topics covered include planning and scoping a cyber incident, domestic and international cyber laws, ethics, chain of custody, incident detection and analysis, anti-forensic techniques, timeline analysis, incident containment, eradication, recovery, report preparation, and expert testimony. The program includes hands-on and technical writing assignments to help students develop their skills for the cybersecurity workforce. 

CYBR C150 OR CST C245 Intro to Digital Forensics

CYBR C160 Intro to Incident Response

CYBR C170 Cybercrime and CSIRT Coordination

CYBR C250 Intermediate Digital Forensics

CYBR C260 Intermediate Incident Response

CYBR C280 Advanced DFIR Capstone

Objectives of Cyber Up! Digital Forensics and Incident Response

Contact Information

Project Timeline

With a three-year grant funding period, the project will run October 1, 2019 through September 30, 2021. Major milestone activities for the project include curriculum development, course content development, and hands-on lab assignment development. The project’s Principal Investigator, Tobi West, will report annually, at the end of each budget period, to the assigned Program Manager at the National Science Foundation.

Course #

Course Name

Description

CYBR 150 OR CST C245

Introduction to Digital Forensics

Students will explore an introduction to digital forensics using open source applications. Topics covered include chain of custody, forensic acquisition of data, forensic evidence reporting, expert witness testimony, timeline analysis, and anti-forensic techniques. Hands-on assignments will be used to develop introductory technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated. 

CYBR C160

Introduction to Incident Response

Students will explore an introduction to cyber incident response using industry-recognized tools. Topics covered include incident response case studies, incident response tools used in industry, advanced persistent threats, documentation and technical reporting, timeline analysis, case management, and hunting, gathering, and foraging for cyber threats. Hands-on assignments will be used to help students develop introductory technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated. 

CYBR C170

Cybercrime and CSIRT Coordination

Students will explore an introduction to laws relevant to cybercrime and the roles of the Cyber Security Incident Response Team (CSIRT). Topics covered include international, federal, and state laws relevant to cybercrime, an overview of the U.S. court system and jurisdictions, CSIRT coordination within the team and with stakeholders internal to the organization, ethics pertaining to cyber professionals, project management, technical writing, countermeasures, and compliance. This course is intended for students with an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated. 

CYBR C250

Intermediate Digital Forensics

Students will explore digital forensic techniques using industry-recognized tools. Topics covered include an introduction to network forensics and mobile device forensics, investigative and extraction tools, live acquisition data, evidence reporting, time-stomping and anti-forensic techniques, and the significance of time zones for forensic case analysis. Hands-on assignments will be used to develop technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated. 

CYBR C260

Intermediate Incident Response

Students will explore incident response techniques using industry-recognized tools. Topics covered include planning and scoping a cyber incident, information gathering for vulnerability assessment, vulnerability scanning and summarization reporting, report writing and best practices, obfuscation techniques, forensic artifacts, social media forensics, memory forensics, ethics and compliance issues. Hands-on assignments will be used to develop technical skills relevant to entry-level cybersecurity professionals. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated.

CYBR C280

Advanced Digital Forensics & Incident Response Capstone

Students will explore advanced digital forensics and incident response techniques using industry-recognized tools. Hands-on projects will be used to demonstrate technical skills relevant to entry-level cybersecurity professionals. Students will analyze a simulated case and report findings through technical documents and presentation. This course is intended for students with computer experience and an interest in cyber defense for private organizations or government law enforcement. Careers and emerging trends in the field of cybersecurity will be evaluated. 

The DFIR program courses and awards will be offered under the new Cybersecurity subject code designated as CYBR on Coastline College’s searchable schedule. Students interested in the program can begin taking CST C245 Computer Forensics in the spring 2020 semester, and additional courses will be offered in the fall 2020 semester. The awards are anticipated to be offered as early as fall 2020.

Year

Date Range

Anticipated Activities

1

Oct 1, 2018 – Sep 30, 2019

  • Research other similar projects and programs to adapt and adopt from their models.
  • Research industry and government needs to find relevant cybersecurity workforce frameworks and industry-recognized certifications.
  • Assemble an advisory board of subject matter experts currently working in government, industry, and academia.
  • Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
  • Develop course outlines of record for a series of 6 courses in digital forensics and incident response.
  • Disseminate project updates to the cybersecurity community.

2

Oct 1, 2019 – Sep 30, 2020

  • Develop a Certificate of Achievement in Digital Forensics and Incident Response.
  • Develop an Associate of Science degree in Digital Forensics and Incident Response.
  • Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
  • Develop model course content and hands-on lab assignments for DFIR program courses.
  • Disseminate project updates to the cybersecurity community.

3

Oct 1, 2020 – Sep 30, 2021

  • Work with the advisory board to identify cybersecurity workforce needs related to DFIR work roles.
  • Disseminate model course content to other interested colleges and universities to adapt and adopt for their institution.
  • Disseminate project updates to the cybersecurity community.