Network Forensics


🏫 University
📆 2023–2024
👨‍🎓 112

Introduction

Welcome to our Network Forensics course! Over the next fifteen weeks, we’ll delve into the realm of network forensics, covering essential topics required to understand and investigate network-based evidence. In today’s digital age, networks are integral to all aspects of our lives. With this reliance comes the need to ensure the security and integrity of these networks. Network forensics plays a crucial role in identifying and mitigating cyber threats, akin to detective work in the digital world. This course is designed to provide you with both the theoretical knowledge and practical skills needed to excel in this field.

Our course structure is meticulously crafted to offer a comprehensive understanding of network forensics. We will start with foundational concepts and progressively move towards advanced topics. Each module includes engaging lectures, interactive discussions, practical exercises, and hands-on labs. Additional materials and resources will be provided to enhance your grasp of the subject matter.

Course Abstract

The course is aimed at providing an in-depth understanding of Network Forensics. We will cover the following topics:

  1. Basics of Networks, Network Security, and the Internet Ecosystem
    • Network Types, Architectures, Protocols, and Devices
    • OSI vs. TCP/IP Models
    • Network Communication Modes and Topologies
    • Network Access Methods and Well-Known Networking Protocols
  2. Introduction to Network Forensics
    • Relation to Other Fields of Digital Forensics
    • Types of Network-Based Evidence
    • Tools for Network Forensics (TCPdump, ngrep, Argus, Snort, Wireshark)
  3. Logging and Monitoring
    • Sources for Analysis (Host-Based, Network-Based)
    • Timeline Analysis, Aggregation, and Correlation of Data
    • Legal Basics and Constraints
  4. Deep Packet Inspection
    • Protocol Encapsulation
    • Internet Protocol Headers and Control Protocol Headers
    • HTTP/S Packet Analysis
  5. Detection and Analysis
    • Identifying Suspicious/Malicious Traffic
    • Use of Threat Intelligence
    • Chain of Custody and Data Analysis Tools
  6. Combatting Tunneling and Encryption
    • Decrypting TLS and WLAN Packets
    • Decoding USB Keyboard Captures
  7. Conducting Network Forensics
    • Investigating Malware Behavior and Network Patterns
    • Real-World Case Study: Banking Trojan Investigation
  8. Investigating and Analyzing Logs for Anomaly Detection
    • Network Intrusions and Footprints
    • Investigating Windows and Firewall Logs

My role

  • 2024–: Instructor

Course Learning Objectives

Welcome to the Network Forensics course! Throughout this program, you’ll dive into the core principles of Network Forensics and develop practical skills to investigate and secure network-based evidence effectively. By the end of this course, you will be able to:

  • Objective 1. Understand the basic concepts of networks, network security, and the internet ecosystem, including forensic methodologies.
  • Objective 2. Identify various sources of network-based forensic evidence.
  • Objective 3. Analyze captured wired and wireless network traffic and network flow data.
  • Objective 4. Evaluate techniques used by attackers to evade detection.
  • Objective 5. Apply the network forensics methodology in practical scenarios.

With a strong foundation in network forensics principles and hands-on experience with practical techniques, you’ll be well-equipped to navigate the complex landscape of cybersecurity and protect critical digital assets effectively.

Course setup

The course is structured over fifteen weeks, comprising lectures, practical exercises, and hands-on modules. Each week, students will attend lectures conducted by the instructor, Azhar Ghafoor, covering various topics essential for understanding network forensics. Lecture materials, including slide decks and reference materials, will be provided to students for their reference. Additionally, practical exercises and hands-on modules will be conducted to reinforce theoretical concepts and provide students with real-world application scenarios. Course rules are established to encourage active participation, including asking questions, engaging in discussions, and maintaining focus during lectures.

Grading

Student evaluation will be based on various components, including:

  • Participation: Active participation in lectures, discussions, and practical exercises.
  • Assignments: Completion and submission of assigned tasks, including practical exercises and assessments.
  • Quizzes: Regular quizzes to assess understanding of the material.
  • Project: Completion and presentation of a course project demonstrating practical application of network forensics concepts.
  • Midterm Exam: Assessment of knowledge and understanding of the first half of the course material.
  • Final Exam: Comprehensive assessment covering all course content.

Grading criteria for each component will be outlined in the course syllabus provided to students at the beginning of the term.