Network Forensics

Published: October 12, 2018
  1.    Course Title Network Forensics
  2.    Code 3ФЕИТ10З042
  3.    Study program TKII
  4.    Organizer of the study program (unit, institute, department) Faculty of Electrical Engineering and Information Technologies
  5.    Degree (first, second, third cycle) First cycle
  6.    Academic year/semester IV/7
  7.    Number of ECTS credits 6.00
  8.    Lecturer Dr Marko Porjazoski
  9.    Course Prerequisites

10.    Course Goals (acquired competencies):  Introduction to different methods of investigating crime in communication networks. Candidates will be able to collect and analyze data, as well as prepare reports on the occurrence of crime in communication networks.

11.    Course Syllabus: Definition of terms digital forensics and network forensics. Definition of a response procedure in case of an incident. Methodologies for examination and forensics. The place of network forensics in the investigation process. Recording of network traffic in real time. Finding evidence across the network. Gathering data from servers and clients. Gathering data from network devices (routers and switches). TCP header analysis. TCP signature analysis. Intrusion Detection Solutions. Forensics of Wireless Networks. Procedure for response in case of an incident. Including network forensics in the incident response procedure. Outlining the network infrastructure. Collecting existing documentation. Physical and logical architecture of the network. Access rights. Seizing digital information. Defining digital proof. Methods for seizing digital evidence. Choosing the most appropriate method for seizing digital evidence.

12.    Learning methods:  Lectures, auditory and laboratory exercises, individual work, project work and preparation of seminar papers
13.    Total number of course hours 3 + 1 + 1 + 0
14.    Distribution of course hours 180
15.    Forms of teaching 15.1. Lectures-theoretical teaching 45
15.2. Exercises (laboratory, practice classes), seminars, teamwork 30
16.    Other course activities 16.1. Projects, seminar papers 30
16.2. Individual tasks 30
16.3. Homework and self-learning 45
17.    Grading 17.1. Exams 15
17.2. Seminar work/project (presentation: written and oral) 15
17.3. Activity and participation 0
17.4. Final exam 70
18.    Grading criteria (points) up to 50 points     5 (five) (F)
from 51 to 60 points     6 (six) (E)
from 61 to 70 points     7 (seven) (D)
from 71 to 80 points     8 (eight) (C)
from 81 to 90 points     9 (nine) (B)
from 91 to 100 points   10 (ten) (A)
19.    Conditions for acquiring teacher’s signature and for taking final exam Regular attendance at lectures, auditory and laboratory exercises
20.    Forms of assessment  Two partial exams during the semester lasting 120 minutes each or one written exam in an appropriate exam session lasting 120 minutes and preparation of a practical project task.
The final grade includes exam points, project assignment points, homework points and laboratory exercise points.
It is not allowed to use books, scripts, manuscripts or notes of any kind during the exam, as well as a calculator, mobile phone, tablet or any other electronic device.
21.    Language Macedonian and English
22.    Method of monitoring of teaching quality Internal evaluations and surveys
23.    Literature
23.1. Required Literature
No. Author Title Publisher Year
1 Sherri Davidoff, Jonathan Ham Network Forensics: Tracking Hackers through Cyberspace Prentice Hall 2012
2 Terrence V. Lillard Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data Elsevier/Syngress 2010