Network forensics

Course title: Network forensics

Code: FEIT10L028

Number of credits (ECTS): 6

Weekly number of classes: 3+1+1+0

Prerequisite for enrollment of the subject: Telecommunication networks

Course goals/Competences: Introduction to different research methods in case of crime in communication networks. Candidates will be able to collect and analyze data and prepare reports in cases of crime in communication networks.

Total available number of classes: 180

Curriculum: Concept of digital forensics and network forensics. Definition of procedure for response in the event of an incident. Methodologies for investigation and forensics. Place of networks in the forensic investigation process. Record network traffic in real time. Finding the evidence around the net. Collecting data from servers and clients. Collecting data from network devices (routers and switches). Deciphering the TCP header. Analysis of TCP signature. Solutions for intrusion detection in the network. Forensics of wireless networks. Procedure for response in the event of an incident. Running network forensic procedure in response to the case of an incident. Outlining infrastructure network. Collecting existing documentation. Physical and logical architecture of the network. Privileges to access certain network resources. Seizure of Digital Information. Definition of digital evidence. Methods for seizing digital evidence. Selecting the most appropriate method for seizing digital evidence. Taking action on the spot of the incident. Privacy and data equipment. Stopping the attack and isolate network. Documenting evidence. Internet forensics. Preparation of a report and presenting the results of the investigation. The future of digital forensics and networks forensics.

Literature: