Semester 3 / ECTS Credits: 5 ECTS
The main objective of this course is to give short and focused introduction to network forensics.
Students will gain comprehensive knowledge and practical skills of the topics covered with theories, concepts, and hands-on exercises.
Throughout this course participants will gain advanced knowledge of network topology and elements, computer network sources of evidence and the forensic analysis of network artefacts. Participants will learn about the underlying principles of computer networks and enhance their ability to conduct forensic examinations of data collected from computer networks including network devices, servers and hosts.
Practical skills will be obtained during lab work using Splunk and other network analysis tools by working on real-life scenarios.
- Examine the computer network for the existence of digital traces.
- Critically assess the tools for monitoring computer networks.
- Critically understand the authentication and authorization process.
- Formulate/shape the model of the topology of computer networks.
- Build reports on the conduct of digitally forensic investigation of computer networks.
- Combine the ISO OSI open system model.
Course content lectures:
- Network types, network technologies, devices
- Internet history, basics of www
- Open system ISO/OSI model
- Transmission Control Protocol/Internet Protocol
- Confidentiality, integrity and availability, authentication, authorization and availability
- SID, Firewall
- Intrusion into system, detection and prevention
- Domain name system, network protocols
- Online Tools for Analysis Log: Splunk
- Linux Network Traffic Analysis Tools
- Wireshark online analysis and analysis of packages
- Case studies
- Investigation reports