CFOR-910 Cyber Forensics II

Students in this course will develop the skill needed for responding to a company?s network that has been completely compromised due to activities by hackers. Students will develop the skills needed to determine which machines within the infrastructure have been compromised. Student will make forensic copies of hard drives of compromised machines, and analyze their data and RAM. Students will examine log and capture files using protocol analyzers like Wireshark. At the end of the course, students will formulate conclusions about how the attackers obtained access to the company and assess the extent of damage that was done to company assets. Students will present their findings along with recommendations and guidelines for protecting the company?s assets in the future.