Network Forensics

This course expands the Computer Forensics curriculum by presenting the science of forensic analysis of data commonly transmitted via modern computer networks. It extends the forensic topics presented in the computer evidence recovery courses (CIT156 and CIT256) by introducing and detailing the impact of modern networking to computer investigations. In addition to re-enforcing the knowledge of "passive" evidence collection as taught in the course's prerequisites, the course aims to introduce forensic topics related to "active" evidence collection techniques including network data tapping and safely examining malicious software. The student who satisfactorily completes this course will be ready to participate in formal evidence collection and analysis for a non-law enforcement organization. Further studies in law enforcement may be required for the student to leverage these skills as part of a criminal investigation.