SECTION 127.793. Digital Forensics (One Credit), Adopted 2022  


Latest version.
  • (a) Implementation. The provisions of this section shall be implemented by school districts beginning with the 2023-2024 school year.

    (1) No later than August 1, 2023, the commissioner of education shall determine whether instructional materials funding has been made available to Texas public schools for materials that cover the essential knowledge and skills identified in this section.

    (2) If the commissioner makes the determination that instructional materials funding has been made available this section shall be implemented beginning with the 2023-2024 school year and apply to the 2023-2024 and subsequent school years.

    (3) If the commissioner does not make the determination that instructional materials funding has been made available under this subsection, the commissioner shall determine no later than August 1 of each subsequent school year whether instructional materials funding has been made available. If the commissioner determines that instructional materials funding has been made available, the commissioner shall notify the State Board of Education and school districts that this section shall be implemented for the following school year.

    (b) General requirements. This course is recommended for students in Grades 9-12. Prerequisite: Foundations of Cybersecurity. Students shall be awarded one credit for successful completion of this course.

    (c) Introduction.

    (1) Career and technical education instruction provides content aligned with challenging academic standards,, industry relevant technical knowledge, and college and career readiness skills for students to further their education and succeed in current and emerging professions.

    (2) The Science, Technology, Engineering, and Mathematics (STEM) Career Cluster focuses on planning, managing, and providing scientific research and professional and technical services, such as laboratory and testing services and research and development services.

    (3) Digital forensics is a critical discipline concerned with analyzing anomalous activity on computers, networks, programs, and data. As a discipline, it has grown with the expansion of a globally connected digital society. As computing has become more sophisticated, so too have the abilities to access systems and sensitive information. Digital forensics professionals investigate and craft appropriate responses to disruptions to governments, organizations, and individuals. Whereas cybersecurity takes a proactive approach to information assurance to minimize harm, digital forensics takes a reactive approach to incident response.

    (4) Digital Forensics introduces students to the knowledge and skills of digital forensics. The course provides a survey of the field of digital forensics and incident response.

    (5) Students are encouraged to participate in extended learning experiences such as career and technical student organizations and other leadership or extracurricular organizations.

    (6) Statements that contain the word "including" reference content that must be mastered, while those containing the phrase "such as" are intended as possible illustrative examples.

    (d) Knowledge and skills.

    (1) Employability skills. The student identifies necessary skills for career development and employment opportunities. The student is expected to:

    (A) investigate the need for digital forensics;

    (B) research careers in digital forensics along with the education and job skills required for obtaining a job in both the public and private sector;

    (C) identify job and internship opportunities and accompanying job duties and tasks and contact one or more companies or organizations to explore career opportunities;

    (D) identify and discuss certifications for digital forensics careers;

    (E) explain ethical and legal responsibilities in relation to the field of digital forensics;

    (F) identify and describe businesses and government agencies that use digital forensics;

    (G) identify and describe the kinds of crimes investigated by digital forensics specialists; and

    (H) solve problems and think critically.

    (2) Employability skills. The student communicates and collaborates effectively. The student is expected to:

    (A) apply effective teamwork strategies;

    (B) collaborate with a community of peers and professionals;

    (C) create, review, and edit a report summarizing technical findings; and

    (D) present technical information to a non-technical audience.

    (3) Ethics and laws. The student recognizes and analyzes ethical and current legal standards, rights, and restrictions related to digital forensics. The student is expected to:

    (A) develop a plan to advocate for ethical and legal behaviors both online and offline among peers, family, community, and employers;

    (B) research and discuss local, state, national, and international law such as the Electronic Communications Privacy Act of 1986, Title III (Pen Register Act); USA PATRIOT Act of 2001; and Digital Millennium Copyright Act;

    (C) research and discuss historic cases or events regarding digital forensics or cybersecurity;

    (D) analyze ethical and legal behavior when presented with confidential or sensitive information in various scenarios related to cybersecurity activities;

    (E) analyze case studies of computer incidents;

    (F) use the findings of a computer incident investigation to reconstruct a computer incident;

    (G) identify and discuss intellectual property laws, issues, and use;

    (H) contrast legal and illegal aspects of information gathering;

    (I) contrast ethical and unethical aspects of information gathering;

    (J) analyze emerging legal and societal trends affecting digital forensics; and

    (K) discuss how technological changes affect applicable laws.

    (4) Digital citizenship. The student understands and demonstrates the social responsibility of end users regarding digital technology, safety, digital hygiene, and cyberbullying. The student is expected to:

    (A) identify and use digital information responsibly;

    (B) use digital tools responsibly;

    (C) identify and use valid and reliable sources of information; and

    (D) gain informed consent prior to investigating incidents.

    (5) Digital forensics skills. The student locates, processes, analyzes, and organizes data. The student is expected to:

    (A) identify sources of data;

    (B) analyze and report data collected;

    (C) discuss how to maintain data integrity such as by enabling encryption;

    (D) examine and describe metadata of a file; and

    (E) examine and describe how multiple data sources can be used for digital forensics, including investigating malicious software (malware) and email threats.

    (6) Digital forensics skills. The student understands software concepts and operations as they apply to digital forensics. The student is expected to:

    (A) compare software applications as they apply to digital forensics;

    (B) describe the purpose of various application types such as email, web, file sharing, security applications, and data concealment tools;

    (C) identify the different purposes of data formats such as pdf, wav, jpeg, and exe;

    (D) describe how application logs and metadata are used for investigations such as Security Information and Event Management (SIEM) reports;

    (E) describe digital forensics tools;

    (F) select the proper software tool based on appropriateness, effectiveness, and efficiency for a given digital forensics scenario;

    (G) describe components of applications such as configurations settings, data, supporting files, and user interface; and

    (H) describe how the "as a service" model applies to incident response.

    (7) Digital forensics skills. The student understands operating systems concepts and functions as they apply to digital forensics. The student is expected to:

    (A) compare various operating systems;

    (B) describe file attributes, including access and creation times;

    (C) describe how operating system logs are used for investigations;

    (D) compare and contrast the file systems of various operating systems;

    (E) compare various primary and secondary storage devices; and

    (F) differentiate between volatile and non-volatile memory.

    (8) Digital forensics skills. The student understands networking concepts and operations as they apply to digital forensics. The student is expected to:

    (A) examine networks, including Internet Protocol (IP) addressing and subnets;

    (B) describe the Open Systems Interconnection (OSI) model;

    (C) describe the Transmission Control Protocol/Internet Protocol (TCP/IP) model;

    (D) use network forensic analysis tools to examine network traffic data from sources such as firewalls, routers, intrusion detection systems (IDS), and remote access logs; and

    (E) identify malicious or suspicious network activities such as mandatory access control (MAC) spoofing and rogue wireless access points.

    (9) Digital forensics skills. The student explains the principles of access controls. The student is expected to:

    (A) define the principle of least privilege;

    (B) describe the impact of granting access and permissions;

    (C) identify different access components such as passwords, tokens, key cards, and biometric verification systems;

    (D) explain the value of an access log to identify suspicious activity;

    (E) describe the risks of granting third parties access to personal and proprietary data on social media and systems;

    (F) describe the risks involved with accepting Terms of Service (ToS) or End User License Agreements (EULA) without a basic understanding of the terms or agreements; and

    (G) identify various access control methods such as mandatory access control (MAC), attribute-based access control (ABAC), role-based access control (RBAC), and discretionary access control (DAC).

    (10) Incident response. The student follows a methodological approach to prepare for and respond to an incident. The student is expected to:

    (A) define the components of the incident response cycle, including preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity;

    (B) describe incident response preparation;

    (C) discuss incident response detection and analysis;

    (D) discuss containment and eradication of and recovery from an incident;

    (E) describe post-incident activities such as reflecting on lessons learned, using collected incident data, and retaining evidence of an incident;

    (F) develop an incident response plan; and

    (G) describe ways a user may compromise the validity of existing evidence.

    (11) Incident response. The student objectively analyzes collected data from an incident. The student is expected to:

    (A) identify the role of chain of custody in digital forensics;

    (B) describe safe data handling procedures;

    (C) explain the fundamental concepts of confidentiality, integrity, availability, authentication, and authorization;

    (D) identify and report information conflicts or suspicious activity;

    (E) identify events of interest and suspicious activity by examining network traffic; and

    (F) identify events of interest and suspicious activity by examining event logs.

    (12) Incident response. The student analyzes the various ways systems can be compromised. The student is expected to:

    (A) analyze the different signatures of cyberattacks;

    (B) identify points of weakness and attack vectors such as online spoofing, phishing, and social engineering; and

    (C) differentiate between simple versus multistage attacks.

Source Note: The provisions of this §127.793 adopted to be effective August 7, 2022, 47 TexReg 4522