UNIL

Course description

Network and System Forensics

Managing faculty: Ecole des sciences criminelles (ESC)

Course coordinator(s): Frank Breitinger

Validity period: 2022 ->

Course schedule (weekly)

Date | Location | Remark | Topic | Lecturer(s)
2023/2024: Tuesday 10:00-12:00 (weekly) | Batochime/5112 | | |

Course

Spring semester
2 hours per week
28 hours per semester
Weekly
Language(s) of instruction: English
Open to the public: No
Credits: 3

Objective

A course focusing on Linux, application, and network forensics as well as current trends, taught through lectures, demonstrations, and lab exercises.


After this course, students will:

- Memorize protocols (network and application related) and how they interact
- Distinguish between network encryption and anonymization techniques and their impact on investigations
- Collect (acquire) network-based and host-based traces for analysis
- Assess traces and identify intrusions, including data exfiltration


Content

The course provides a broad overview of network and Linux system forensics topics. It starts with an overview of internet technologies and protocols. Different levels of traffic capturing are then discussed and performed. The course then moves towards threat hunting and incident response, i.e., how to identify network attacks, C2 communication, or data exfiltration. In addition to the network level, the course covers host-based forensics related to network activities, e.g., various log files, firewalls (iptables), etc.


To cover these topics, the course has the following preliminary structure:

- Overview of internet technologies (OSI layers; networking protocols such as TCP, UDP, QUIC, DNS, ARP; application protocols such as HTTP, SMB, FTP)
- Network encryption and anonymization (SSL/TLS, VPN (specifically WireGuard), Tor)
- Network reconnaissance and attacks (MITRE ATT&CK framework, scanning, mapping, enumeration)
- Acquisition basics and tools (evidence collection, decryption, and host-based tools)
- Logging and monitoring events on the network and hosts (syslog, NetFlow, log aggregation)
- Detecting intrusions (indicators of compromise, threat intelligence)
- Analyzing traces using basic tools (i.e., data interpretation)

If time permits, Voice over IP and anti-forensics concepts will be covered as well.

Evaluation

Written exam with practical component (120 min)

Bibliography

Pre-reading material will be provided on Moodle prior to the course.

Programme prerequisites

Basic knowledge of networks (e.g., IP addresses, subnets) and Linux; pre-reading material will be provided on Moodle prior to the course.

Use | Faculty code | Status | Credits
Master of Law, Crime and Security of Information Technologies (2019 ->) ›› Optional courses, intelligence and forensic science specialisation | ESC | Optional | 3.00
Master of Law, Crime and Security of Information Technologies (2019 ->) ›› Optional courses without specialisation | ESC | Optional | 3.00
Master of Science in Forensic Science, digital investigation and identification orientation (2020 ->) ›› Complementary courses of the orientation | | Optional | 3.00
Master of Science in Forensic Science, digital investigation and identification orientation (2020 ->) ›› Core curriculum | | Optional | 3.00