1. Course Title | Network Forensics
2. Code | 3ФЕИТ10З042
3. Study program | TKII
4. Organizer of the study program (unit, institute, department) | Faculty of Electrical Engineering and Information Technologies
5. Degree (first, second, third cycle) | First cycle
6. Academic year/semester | IV/7 | 7. Number of ECTS credits | 6.00
8. Lecturer | Dr Marko Porjazoski
9. Course Prerequisites
10. Course Goals (acquired competencies): Introduction to the different methods of investigating crime in communication networks. Candidates will be able to collect and analyze data, as well as prepare reports on the occurrence of crime in communication networks.
11. Course Syllabus: Definition of the terms digital forensics and network forensics. Definition of a response procedure in case of an incident. Methodologies for examination and forensics. The place of network forensics in the investigation process. Recording of network traffic in real time. Finding evidence across the network. Gathering data from servers and clients. Gathering data from network devices (routers and switches). TCP header analysis. TCP signature analysis. Intrusion detection solutions. Forensics of wireless networks. Procedure for response in case of an incident. Including network forensics in the incident response procedure. Outlining the network infrastructure. Collecting existing documentation. Physical and logical architecture of the network. Access rights. Seizing digital information. Defining digital proof. Methods for seizing digital evidence. Choosing the most appropriate method for seizing digital evidence.
12. Learning methods: Lectures, auditory and laboratory exercises, individual work, project work and preparation of seminar papers
13. Total number of course hours | 3 + 1 + 1 + 0
14. Distribution of course hours | 180
15. Forms of teaching | 15.1. Lectures - theoretical teaching | 45
15.2. Exercises (laboratory, practice classes), seminars, teamwork | 30
16. Other course activities | 16.1. Projects, seminar papers | 30
16.2. Individual tasks | 30
16.3. Homework and self-learning | 45
17. Grading | 17.1. Exams | 15
17.2. Seminar work/project (presentation: written and oral) | 15
17.3. Activity and participation | 0
17.4. Final exam | 70
18. Grading criteria (points) | up to 50 points | 5 (five) (F)
from 51 to 60 points | 6 (six) (E)
from 61 to 70 points | 7 (seven) (D)
from 71 to 80 points | 8 (eight) (C)
from 81 to 90 points | 9 (nine) (B)
from 91 to 100 points | 10 (ten) (A)
19. Conditions for acquiring teacher’s signature and for taking final exam | Regular attendance at lectures, auditory and laboratory exercises
20. Forms of assessment | Two partial exams during the semester lasting 120 minutes each, or one written exam in an appropriate exam session lasting 120 minutes, and preparation of a practical project task. The final grade includes exam points, project assignment points, homework points and laboratory exercise points. The use of books, scripts, manuscripts or notes of any kind, as well as a calculator, mobile phone, tablet or any other electronic device, is not allowed during the exam.
21. Language | Macedonian and English
22. Method of monitoring of teaching quality | Internal evaluations and surveys
23. Literature
23.1. Required Literature
No. | Author | Title | Publisher | Year
1 | Sherri Davidoff, Jonathan Ham | Network Forensics: Tracking Hackers through Cyberspace | Prentice Hall | 2012
2 | Terrence V. Lillard | Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data | Elsevier/Syngress | 2010