AP Cybersecurity › PLTW Unit 4 · Post-Exam

Unit 4 Applied Cybersecurity

Cryptography, digital forensics, and the crime you have to solve. The AP exam is behind you. This is the victory lap — and the PLTW credential finish line. Ends with The Heist.

📋 PLTW Unit 4 · Tri 3🏁 Post-exam · Low pressure🕐 ~3 weeks📺 10 Activities + Projects🎯 Problem: 4.3.1 · Solve the Crime!🔧 PLTW credential completion
A 7-million-dollar blue diamond is missing. A suspect is in custody. Their USB flash drive is in your hands. The evidence is hidden — encrypted, steganographic, and malicious. Read the full case →
Activity — PLTW + AP content
Project — applies it in a lab
PLTW Only — redirects to PLTW platform
Problem — PLTW capstone (do last)
4.1 — Cryptography
Activity4.1.1

Ciphers and Early Cryptography

Caesar, Vigenère, and the conceptual leap to modern symmetric encryption. History makes AES intuitive — same fundamental principle, exponentially harder to break. The Heist case file contains encrypted messages; this is where students learn to read them.

Caesar cipherVigenèreEncoding vs. encryptionAP 5.3.A–B
🕐 2 class daysOpen Activity →
Activity4.1.2

Symmetric and Asymmetric Encryption

AES vs. RSA. Public/private key pairs. The PGP lab — generate a key pair, encrypt a message, send it to a partner, decrypt the reply. And the single most common AP exam mistake: you encrypt with the recipient's PUBLIC key, decrypt with your own PRIVATE key.

AESRSAPublic / private keyPGP labAP 5.3.A–BAP 5.4.A–CScenario 5B
🕐 2–3 class daysOpen Activity →
Activity4.1.3

Storage Encryption Techniques

Encryption at rest vs. in transit. Symmetric algorithms applied to stored data. How key management becomes the hard problem once the algorithm itself is solved — and why the suspect's encrypted file system in The Heist matters.

Encryption at restKey managementAES / DES / 3DESAP 5.3.A–B
🕐 2 class daysOpen Activity →
Activity4.1.4PLTW

Steganography

Hiding data in plain sight — inside images, audio, and documents. PLTW-only enrichment with no AP standard, but one of the most genuinely fascinating techniques in the field. The suspect hid evidence inside image files. Students find it.

SteganographyHidden dataImage analysisPLTW Only
🕐 2 class daysOpen Activity →
Project4.1.5

Down the Rabbit Hole

Project: A cryptography puzzle-chain. Students follow a trail of encrypted messages, encoded data, and hidden files — applying every technique from 4.1.1 through 4.1.4. Document every decryption step in AP Skill 2.D format.

Crypto puzzle chainEvidence trailDecryption logAP 5.3.A–BAP 5.4.A–CAP Skill 2.D
🕐 2–3 class daysOpen Project →
4.2 — Digital Forensics
Activity4.2.1PLTW

Evidence Handling

Chain of custody, forensic acquisition, legal ramifications of cybercrime. The rules that govern what evidence can be used in court — and what gets thrown out if you break them. PLTW-only but foundational for the capstone Problem.

Chain of custodyForensic acquisitionLegal standardsPLTW OnlyNICE T0049
🕐 2 class daysOpen Activity →
Activity4.2.2

Data Integrity

File hash verification — how you prove a file hasn't been altered since it was collected as evidence. AP 5.6.D directly. Application log analysis for attack IOCs also lives here, connecting back to the server analysis work from Unit 2.

Hash verificationMD5 / SHA256File integrityApp log IOCsAP 5.6.A–BAP 5.6.D–E
🕐 2 class daysOpen Activity →
Activity4.2.3PLTW

Imaging Files and Devices

Disk imaging, forensic copies, preserving evidence integrity from the original media. PLTW-only forensic process — but the skill of capturing a complete system state without altering it is what separates admissible evidence from contaminated data.

Disk imagingForensic copyEvidence integrityPLTW Only
🕐 2 class daysOpen Activity →
Activity4.2.4

Establishing Identity in Cyberspace

Digital signatures, PGP identity verification, certificate chains. How cryptography proves who you are online — and how forensic analysts use that to trace the suspect's digital movements back through the evidence trail.

Digital signaturesPGP identityCertificate chainsAP 5.4.A–C
🕐 2 class daysOpen Activity →
Activity4.2.5PLTW

Forensic Tool Suites

Autopsy, FTK, and the professional forensic analyst's toolkit. PLTW-only — but students use the same tools that working digital forensics analysts use every day. Career alignment: Cyber Defense Analyst work role, NICE Task T0049.

Autopsy / FTKForensic suiteProfessional toolsPLTW OnlyNICE career
🕐 2 class daysOpen Activity →
Project4.2.6

Phishing at Work

Project: A workplace phishing investigation. The social engineering knowledge from Unit 1 meets forensic evidence from Unit 4 — students trace a phishing attack through authentication logs and application evidence, documenting IOCs in AP Skill 3.D format.

Workplace phishingAuth log IOCsForensic evidenceAP 1.1.A–CAP 4.4.DAP 5.6.EAP Skill 3.D
🕐 2–3 class daysOpen Project →
4.3 — Criminal Justice and Computer Science (Problem)
⚡ Problem4.3.1PLTW

Solve the Crime! · The Heist

The PLTW capstone. A 7-million-dollar blue diamond stolen from an auction warehouse. Evidence hidden in encrypted files, steganographic images, and malware source code. Requires all 10 preceding activities and projects. Post-exam — the victory lap.

PLTW credential capstoneEncrypted evidenceSteganographyForensic reconstructionNICE career
🕐 4–5 class daysSolve the Crime →
⛔ Problem 4.3.1 — Dependency Warning
All 10 activities and projects (4.1.1 → 4.2.6) must be complete before attempting The Heist. This is the PLTW credential capstone — the last deliverable in the course.
Solve the Crime →
Built with v0