Apr 26, 2024  
2017-2018 Course Catalog 
    
Catalog Navigation
  Catalog Home
  Introduction to Century College
  Mission, Vision, Values

  College Calendar

  Course Descriptions and Outlines
  Programs (Century Academic Pathway)
  Programs (Department)
  Programs (A-Z)

  Academic Policies and Program Requirements
  Admissions and Registration
  Application for Admission
  Student Services and Resources
  Student Handbook
  Transfer

  Continuing Education and Customized Training
  College Administration and Faculty
  Maps and Directions
  Archived Catalogs
  My Portfolio
HELP
2017-2018 Course Catalog [ARCHIVED CATALOG]

Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)

CVF 2203 - Network Forensics, Analysis and Incident Handling

Credits: 3
Hours/Week: Lecture 2Lab 2
Course Description: Network forensics involves the identification, preservation, and analysis of evidence of attacks in order to identify the attackers and document their activity with sufficient reliability to justify appropriate technological, business, and legal responses. This course focuses on the technological components of the topic with emphasis on the network traffic analysis aspect. The technical aspect addresses analysis of intruder types and the intrusion process, review of network traffic logs and profiles and their types, identification of attack signatures and fingerprints, application of data mining techniques, study of various traceback methods, and the extraction of information acquired through the use of network analysis tools and techniques.
MnTC Goals
None

Prerequisite(s): CVF 1085   with a grade of C or higher OR instructor consent. System administration experience on Microsoft Windows or Linux operating systems
Corequisite(s): None
Recommendation: None

Major Content
1 . Part I. Foundation a. Practical Investigative Strategies

1.1 Real-World Cases

1.2 Footprints

1.3 Concepts in Digital Evidence

1.4 Challenges Relating to Network Evidence

1.5 Network Forensics Investigative Methodology (OSCAR)

1.6 Conclusion 

2. Statistical Flow Analsis

5.1 Process Overview

5.2 Sensors

5.3 Flow Record Export Protocols

5.4 Collection and Aggregation

5.5 Analysis

5.6 Conclusion

5.7 Case Study: The Curious Mr. X

3. Wireless: Network Forensics Unplugged

6.1 The IEEE Layer 2 Protocol Series

6.2 Wireless Access Points (WAPs)

6.3 Wireless Traffic Capture and Analysis

6.4 Common Attacks

6.5 Locating Wireless Devices

6.6 Conclusion

6.7 Case Study: HackMe, Inc.

4. Network Intrusion Detection and Analysis

7.1 Why Investigate NIDS/NIPS?

7.2 Typical NIDS/NIPS Functionality

7.3 Modes of Detection

7.4 Types of NIDS/NIPSs

7.5 NIDS/NIPS Evidence Acquisition

7.6 Comprehensive Packet Logging

7.7 Snort

7.8 Conclusion

7.9 Case Study: Inter0ptic Saves the Planet (Part 1 of 2)

5. Network Devices and Servers

8. Event Log Aggregation, Correlation, and Analysis

8.1 Sources of Logs

8.2 Network Log Architecture

8.3 Collecting and Analyzing Evidence

8.4 Conclusion

8.5 Case Study: L0ne Sh4rk’s Revenge

6. Switches, Routers, and Firewalls

9.1 Storage Media

9.2 Switches

9.3 Routers

9.4 Firewalls

9.5 Interfaces

9.6 Logging

9.7 Conclusion

9.8 Case Study: Ann’s Coffee Ring

7. Web Proxies

10.1 Why Investigate Web Proxies?

10.2 Web Proxy Functionality

10.3 Evidence

10.4 Squid

10.5 Web Proxy Analysis

10.6 Encrypted Web Traffic

10.7 Conclusion

10.8 Case Study: Inter0ptic Saves the Planet (Part 2 of 2)

8. Network Tunneling

11.1 Tunneling for Functionality

11.2 Tunneling for Confidentiality 1

1.3 Covert Tunneling

11.4 Conclusion

11.5 Case Study: Ann Tunnels Underground

9. Malware Forensics

12.1 Trends in Malware Evolution

12.2 Network Behavior of Malware

12.3 The Future of Malware and Network Forensics

12.4 Case Study: Ann’s Aurora

10. Technical Fundamentals

2.1 Sources of Network-Based Evidence

2.2 Principles of Internetworking

2.3 Internet Protocol Suite

2.4 Conclusion

11. Evidence Acquisition

3.1 Physical Interception

3.2 Traffic Acquisition Software

3.3 Active Acquisition

3.4 Conclusion

12. Traffic Analysis

4.1 Protocol Analysis

4.2 Packet Analysis

4.3 Flow Analysis

4.4 Higher-Layer Traffic Analysis

4.5 Conclusion

4.6 Case Study: Ann’s Rendezvous
Learning Outcomes
At the end of this course students will be able to:

1 . deploy a structured lifecycle approach to data analytics problems.

2 . distinguish between PCAP and NetFlow data.

3 . explain the basics of packet capture and traffic analysis.

4 . demonstrate at least two ways to visualize network data.

5 . explain at least one approach to network data anonymization.

6 . explain coarse vs. fine data representation.

7 . explain what a traffic matrix is.

8 . demonstrate how to extract some embedded as well as some hidden network data.

9 . distinguish between at least two types of malicious traffic from network data and categorize them.

10. configure a connection between host-based events and network-based events.

11. apply appropriate analytic techniques and tools to analyze big data.

12. use open source tools such as R, Hadoop, and Postgres.


Courses and Registration


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)