CSEC2225 Network Forensics

Course Description

Attacks on our systems are becoming increasingly broad and complex. It is simply not feasible to conduct full host-based forensic analysis on every system in an organization of any size. The proper use of network forensics can enable examiners to determine the origin and impact of malicious events quickly and effectively. This course will allow students to develop an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, the process and tools used to examine device and system logs, wireless communication and encrypted protocols.

Student Learning Outcomes:

  • Evaluate the behavior, security risks and controls of common network protocols.
  • Analyze techniques and practices used to encode and encrypt common network traffic and common attacks on these controls.
  • Utilize NetFlow data and information sources to identify network attacks.
  • Demonstrate familiarity with open source packet analysis tools and their purpose.
  • Design and deploy a network employing diverse transmission and collection technologies.
  • Analyze diverse protocols and data traversing a network environment.
  • Integrate network security proxies, common log formats and flow of data in a network.
  • Analyze diverse log formats, protocols and the security impact of the event generating processes.
  • Apply the configuration and deployment strategies for positioning logging aggregators and collection devices throughout a network environment.
  • Identify and control the risks associated with wireless technologies, protocols and infrastructure.

Prerequisite

Please see eServices for section availability and current pre-req/test score requirements for this course.

3 credits: 2 lectures / presentations, 1 lab, 0 other