<<Prev Rule

Texas Administrative Code

Next Rule>>
RULE §127.765Digital Forensics (One Credit), Beginning with School Year 2019-2020

(a) General requirements. Students shall be awarded one credit for successful completion of this course. This course is recommended for students in Grades 9-12.

(b) Introduction.

  (1) Career and technical education instruction provides content aligned with challenging academic standards and relevant technical knowledge and skills for students to further their education and succeed in current or emerging professions.

  (2) The Science, Technology, Engineering, and Mathematics (STEM) Career Cluster focuses on planning, managing, and providing scientific research and professional and technical services, including laboratory and testing services, and research and development services.

  (3) Digital forensics is an evolving discipline concerned with analyzing anomalous activity on computers, networks, programs, and data. As a discipline, it has grown with the emergence of a globally-connected digital society. As computing has become more sophisticated, so too have the abilities of malicious agents to access systems and private information. By evaluating prior incidents, digital forensics professionals have the ability to investigate and craft appropriate responses to disruptions to corporations, governments, and individuals. Whereas cybersecurity takes a proactive approach to information assurance to minimize harm, digital forensics takes a reactive approach to incident response.

  (4) Digital Forensics introduces students to the knowledge and skills of digital forensics. The course provides a survey of the field of digital forensics and incident response.

  (5) Students are encouraged to participate in extended learning experiences such as career and technical student organizations and other leadership or extracurricular organizations.

  (6) Statements that contain the word "including" reference content that must be mastered, while those containing the phrase "such as" are intended as possible illustrative examples.

(c) Knowledge and skills.

  (1) Employability skills. The student identifies necessary skills for career development and employment opportunities. The student is expected to:

    (A) investigate the need for digital forensics;

    (B) research careers in digital forensics along with the education and job skills required for obtaining a job in both the public and private sector;

    (C) identify job and internship opportunities as well as accompanying duties and tasks;

    (D) identify and discuss certifications for digital forensics careers;

    (E) explain ethical and legal responsibilities in relation to the field of digital forensics;

    (F) identify and describe businesses and government agencies that use digital forensics;

    (G) identify and describe the kinds of crimes investigated by digital forensics specialists; and

    (H) solve problems and think critically.

  (2) Employability skills. The student communicates and collaborates effectively. The student is expected to:

    (A) apply effective teamwork strategies;

    (B) collaborate with a community of peers and professionals;

    (C) create, review, and edit a report summarizing technical findings; and

    (D) present technical information to a non-technical audience.

  (3) Ethics and laws. The student recognizes and analyzes ethical and current legal standards, rights, and restrictions related to digital forensics. The student is expected to:

    (A) develop a plan to advocate for ethical and legal behaviors both online and offline among peers, family, community, and employers;

    (B) research local, state, national, and international law such as the Electronic Communications Privacy Act of 1986, Title III (Pen Register Act); USA PATRIOT Act of 2001; and Digital Millennium Copyright Act;

    (C) research historic cases or events regarding digital forensics or cyber;

    (D) examine ethical and legal behavior when presented with confidential or sensitive information in various scenarios related to cyber activities;

    (E) analyze case studies of computer incidents;

    (F) use the findings of a computer incident investigation to reconstruct the incident;

    (G) identify and discuss intellectual property laws, issues, and use;

    (H) contrast legal and illegal aspects of information gathering;

    (I) contrast ethical and unethical aspects of information gathering;

    (J) analyze emerging legal and societal trends affecting digital forensics; and

    (K) discuss how technological changes affect applicable laws.

  (4) Digital citizenship. The student understands and demonstrates the social responsibility of end users regarding digital technology, safety, digital hygiene, and cyberbullying. The student is expected to:

    (A) identify and use digital information responsibly;

    (B) use digital tools responsibly;

    (C) identify and use valid and reliable sources of information; and

    (D) gain informed consent prior to investigating incidents.

  (5) Digital forensics skills. The student locates, processes, analyzes, and organizes data. The student is expected to:

    (A) identify sources of data;

    (B) analyze and report data collected;

    (C) maintain data integrity;

    (D) examine metadata of a file; and

    (E) examine how multiple data sources can be used for digital forensics, including investigating malicious software (malware) and email threats.

  (6) Digital forensics skills. The student understands software concepts and operations as they apply to digital forensics. The student is expected to:

    (A) compare software applications as they apply to digital forensics;

    (B) describe the purpose of various application types such as email, web, file sharing, security applications, and data concealment tools;

    (C) identify the different purposes of data formats such as pdf, wav, jpeg, and exe;

    (D) describe how application logs and metadata are used for investigations;

    (E) describe digital forensics tools;

    (F) select the proper software tool based on appropriateness, effectiveness, and efficiency for a given digital forensics scenario; and

    (G) describe components of applications such as configurations settings, data, supporting files, and user interface.

  (7) Digital forensics skills. The student understands operating systems concepts and functions as they apply to digital forensics. The student is expected to:

    (A) compare various operating systems;

    (B) describe file attributes, including access and creation times;

    (C) describe how operating system logs are used for investigations;

    (D) compare and contrast the file systems of various operating systems;

    (E) compare various primary and secondary storage devices; and

    (F) differentiate between volatile and non-volatile memory.

  (8) Digital forensics skills. The student understands networking concepts and operations as they apply to digital forensics. The student is expected to:

    (A) examine networks, including Internet Protocol (IP) addressing and subnets;

    (B) describe the Open Systems Interconnection (OSI) model;

    (C) describe the Transmission Control Protocol/Internet Protocol (TCP/IP) model;

    (D) use network forensic analysis tools to examine network traffic data from sources such as firewalls, routers, intrusion detection systems (IDS), and remote access logs; and

    (E) identify malicious or suspicious network activities such as mandatory access control (MAC) spoofing and rogue wireless access points.

  (9) Digital forensics skills. The student explains the principles of access controls. The student is expected to:

    (A) define the principle of least privilege;

    (B) describe the impact of granting access and permissions;

    (C) identify different access components such as passwords, tokens, key cards, and biometric verification systems;

    (D) explain the value of an access log to identify suspicious activity;

    (E) describe the risks of granting third parties access to personal and proprietary data on social media and systems;

    (F) describe the risks involved with accepting Terms of Service (ToS) or End User License Agreements (EULA) without a basic understanding of the terms or agreements; and

    (G) identify various access control methods such as MAC, role-based access control (RBAC), and discretionary access control (DAC).

  (10) Incident response. The student follows a methodological approach to prepare for and respond to an incident. The student is expected to:

    (A) define the components of the incident response cycle, including preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity;

    (B) describe incident response preparation;

    (C) discuss incident response detection and analysis;

    (D) discuss containment and eradication of and recovery from an incident;

    (E) describe post-incident activities such as reflecting on lessons learned, using collected incident data, and retaining evidence of an incident;

    (F) develop an incident response plan; and

    (G) describe ways a user may compromise the validity of existing evidence.

  (11) Incident response. The student objectively analyzes collected data from an incident. The student is expected to:

    (A) identify the role of chain of custody in digital forensics;

    (B) describe safe data handling procedures;

    (C) explain the fundamental concepts of confidentiality, integrity, availability, authentication, and authorization;

    (D) identify and report information conflicts or suspicious activity;

    (E) identify events of interest and suspicious activity by examining network traffic; and

    (F) identify events of interest and suspicious activity by examining event logs.

  (12) Incident response. The student analyzes the various ways systems can be compromised. The student is expected to:

    (A) analyze the different signatures of cyberattacks; and

    (B) identify points of weakness and attack vectors such as online spoofing, phishing, and social engineering.

Source Note: The provisions of this §127.765 adopted to be effective April 7, 2022, 47 TexReg 1677

Link to Texas Secretary of State Home Page | link to Texas Register home page | link to Texas Administrative Code home page | link to Open Meetings home page