Course description
Network and System Forensics
Managing faculty: Ecole des sciences criminelles (ESC)
Instructor(s): Frank Breitinger
Course schedule (weekly)
Date | Location | Remark | Topic | Instructor(s) |
---|---|---|---|---|
2023/2024: Tuesday 10:00-12:00 (weekly) | Batochime/5112 | | | |
Course
Spring semester
2 hours per week
28 hours per semester
Weekly
Language(s) of instruction: English
Open to the public: No
Credits: 3
Objective
A course focusing on Linux, application and network forensics as well as current trends, taught through lectures, demonstrations, and lab exercises.
After this course, students will be able to:
- Memorize protocols (network and application related) and how they interact
- Distinguish between network encryption and anonymization techniques and their impact on investigations
- Collect (acquire) network-based and host-based traces for analysis
- Assess traces and identify intrusions, including data exfiltration
Content
The course provides a broad overview of network and Linux system related forensics topics. It starts with an overview of internet technologies and protocols. Then, different levels of traffic capturing are discussed and performed. The course then moves towards threat hunting and incident response, i.e., how to identify network attacks, C2 communication, or data exfiltration. In addition to the network level, the course covers host-based forensics related to network activities, e.g., various log files, firewalls (iptables), etc.
To cover these topics, the course has the following preliminary structure:
- Overview of Internet Technologies (OSI layers, networking protocols such as TCP, UDP, QUIC, DNS, ARP, application protocols like HTTP, SMB, FTP)
- Network encryption and anonymization (SSL/TLS, VPN (specifically WireGuard), Tor)
- Network reconnaissance and attacks (MITRE ATT&CK framework, scanning, mapping, enumeration)
- Acquisition basics and tools (evidence collection, decryption, and host-based tools)
- Logging and monitoring events on the network and hosts (syslog, NetFlow, log aggregation)
- Detecting intrusions (Indicators of Compromise, threat intelligence)
- Analysing traces using basic tools (i.e., data interpretation)
If time permits, Voice over IP and anti-forensics concepts will be covered as well.
Assessment
Written exam with a practical component (120 min)
Bibliography
Pre-reading material will be provided on Moodle prior to the course.
Programme prerequisites
Basic knowledge of networks (e.g., IP addresses, subnets) and Linux; pre-reading material will be provided on Moodle prior to the course.
Programme | Faculty code | Status | Credits |
---|---|---|---|
Maîtrise universitaire en Droit, criminalité et sécurité des technologies de l'information (2019 ->) ›› Enseignements optionnels, mention renseignement et science forensique | ESC | Optional | 3.00 |
Maîtrise universitaire en Droit, criminalité et sécurité des technologies de l'information (2019 ->) ›› Enseignements optionnels sans mention | ESC | Optional | 3.00 |
Maîtrise universitaire ès Sciences en science forensique, orientation criminalistique chimique (2020 ->) ›› Tronc commun | | Optional | 3.00 |
Maîtrise universitaire ès Sciences en science forensique, orientation investigation et identification numériques (2020 ->) ›› Enseignements complémentaires de l'orientation | | Optional | 3.00 |
Maîtrise universitaire ès Sciences en science forensique, orientation investigation et identification numériques (2020 ->) ›› Tronc commun | | Optional | 3.00 |