This course introduces concepts and techniques essential for studying network-based evidence applicable to legal investigations. Students will become familiar with a wide range of networking devices, with techniques for capturing and analyzing network data, and with sound forensic methodologies for preparing and protecting network-based digital evidence. Students will be required to bring their laptops to each class, as they will need to access exercise materials online, use virtual machines in a hypervisor, and answer online quizzes.
Lecture and project-based
Students must have taken 14-761. We expect familiarity with TCP/IP networking.
- Understand forensic methodologies
- Identify network-based forensic evidence sources
- Understand basic administration of network devices
- Utilize common packet and protocol analysis tools
- Capture and analyze wired and wireless network traffic
- Capture and analyze network flow data
- Create a timeline of user activity from network-based evidence
- Understand techniques used by attackers to evade detection
- Build a network to demonstrate the detection of an attack by using network forensic tools
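As a small illustration of two of the objectives above (analyzing network flow data and building a timeline of host activity from it), the following is an added example written for this page, not course material or code from the instructors. The flow records are constructed for the example; the field layout (start time, source, destination, destination port, protocol, bytes) is an assumption and would be adapted to the flow exporter actually in use.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of unidirectional flow records (not real capture data).
# Fields: start time (UTC), src IP, dst IP, dst port, protocol, bytes.
# The records are deliberately not in time order, as exported flows often are not.
FLOW_RECORDS = """\
2024-03-04T09:00:12Z,10.0.0.5,10.0.0.2,53,udp,84
2024-03-04T09:00:13Z,10.0.0.5,203.0.113.10,443,tcp,5120
2024-03-04T09:02:40Z,10.0.0.5,198.51.100.7,22,tcp,920
2024-03-04T09:03:05Z,10.0.0.9,203.0.113.10,443,tcp,2200
2024-03-04T09:07:41Z,10.0.0.5,198.51.100.7,22,tcp,14800
2024-03-04T09:01:02Z,10.0.0.5,10.0.0.2,53,udp,91
"""


def parse_flows(text):
    """Parse the constructed CSV-style flow records into dictionaries with typed fields."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, proto, nbytes = line.split(",")
        flows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "proto": proto,
            "bytes": int(nbytes),
        })
    return flows


def host_timeline(flows, host):
    """Return every flow involving `host` (as source or destination) in chronological order."""
    return sorted((f for f in flows if host in (f["src"], f["dst"])), key=lambda f: f["ts"])


def bytes_by_destination(flows, src):
    """Total bytes sent by `src`, keyed by (destination IP, port, protocol).

    Large totals to an unexpected destination/port are a common starting point
    for deciding which packet captures to pull for deeper analysis.
    """
    totals = defaultdict(int)
    for f in flows:
        if f["src"] == src:
            totals[(f["dst"], f["dport"], f["proto"])] += f["bytes"]
    return dict(totals)


def format_timeline(flows, host):
    """Render the host timeline as one line per flow, suitable for a report appendix."""
    return [
        f"{f['ts'].isoformat()} {f['src']} -> {f['dst']}:{f['dport']}/{f['proto']} {f['bytes']} B"
        for f in host_timeline(flows, host)
    ]


if __name__ == "__main__":
    flows = parse_flows(FLOW_RECORDS)
    for line in format_timeline(flows, "10.0.0.5"):
        print(line)
    for key, total in sorted(bytes_by_destination(flows, "10.0.0.5").items()):
        print(key, total)
```

Sorting on the flow start time rather than trusting export order is the point of the `host_timeline` function: collectors emit records when a flow expires, so the order in a raw export does not reflect when activity began. The per-destination byte totals give a quick way to choose which sessions deserve full packet-level analysis.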
Faculty and instructors who have taught this course in the past
Gabriel Somlo, Adam Welles