Network Forensics
Course title: Network Forensics
Code: 3ФЕИТ10З042
Number of credits (ECTS): 6
Weekly number of classes: 3+1+1+0
Prerequisites for enrollment in the course: None
Course Goals (acquired competencies): Introduction to the different methods of investigating crime in communication networks. Candidates will be able to collect and analyze data, as well as prepare reports on crime occurring in communication networks.
Total available number of classes: 180
Course Syllabus: Definition of the terms digital forensics and network forensics. Definition of a response procedure in case of an incident. Methodologies for examination and forensics. The place of network forensics in the investigation process. Recording of network traffic in real time. Finding evidence across the network. Gathering data from servers and clients. Gathering data from network devices (routers and switches). TCP header analysis. TCP signature analysis. Intrusion detection solutions. Forensics of wireless networks. Procedure for response in case of an incident. Including network forensics in the incident response procedure. Outlining the network infrastructure. Collecting existing documentation. Physical and logical architecture of the network. Access rights. Seizing digital information. Defining digital proof. Methods for seizing digital evidence. Choosing the most appropriate method for seizing digital evidence.
Literature:
Required Literature

| No. | Author | Title | Publisher | Year |
|---|---|---|---|---|
| 1 | Sherri Davidoff, Jonathan Ham | Network Forensics: Tracking Hackers through Cyberspace | Prentice Hall | 2012 |
| 2 | Terrence V. Lillard | Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data | Elsevier/Syngress | 2010 |