Contents

CFOR 250 Computer Network Forensic Technology

This course will cover the computer forensics examination process in a network environment. The Open Systems Interconnection (OSI) model, TCP/IP model, and IP addressing will be discussed along with how these layered approaches relate to the computer forensics examination process. Students will determine how various network devices such as servers, hubs, switches, and routers create log files that can be used for forensic examination. Students will examine various log files, port scans, packet sniffers, etc., from network devices for computer forensic analysis. Students will have hands-on experience with actual computer networks in the lab using various forensics tools and devices.

Credits

3

Prerequisite

CFOR 200

Hours Weekly

2 hours lecture, 2 hours lab weekly

Course Objectives

  1. 1. Describe OSI model and the purpose of each layer.
  2. 2. Identify physical layer components such as UTP and fiber cables and connectors and their roles.
  3. 3. Examine network devices, hubs, switches and routers and servers and their role in network forensic
    examination.
  4. 4. Describe TCP/IP protocols and IP addressing and how they are used to collect forensic evidence.
  5. 5. Explain the role of IDS, Firewall, and VPN devices and how these devices play a role in the network
    forensic examination process on the network.
  6. 6. Examine the role of email, web and DNS server and their functions in collecting and analyzing evidence
    for forensic examination.
  7. 7. Examine viruses, worms and Trojan horses and how to mitigate them.
  8. 8. Explore password security, weaknesses and disaster recovery methods.
  9. 9. Describe the importance of network security and the tools used for computer forensic analysis in a
    network environment.
  10. 10. Examine various log files, port scans, packet sniffers, registry files, etc., for computer forensic evidence.
  11. 11. Describe the potential damage associated with compromised computer network systems.

Course Objectives

  1. 1. Describe OSI model and the purpose of each layer.
  2. 2. Identify physical layer components such as UTP and fiber cables and connectors and their roles.
  3. 3. Examine network devices, hubs, switches and routers and servers and their role in network forensic
    examination.
  4. 4. Describe TCP/IP protocols and IP addressing and how they are used to collect forensic evidence.
  5. 5. Explain the role of IDS, Firewall, and VPN devices and how these devices play a role in the network
    forensic examination process on the network.
  6. 6. Examine the role of email, web and DNS server and their functions in collecting and analyzing evidence
    for forensic examination.
  7. 7. Examine viruses, worms and Trojan horses and how to mitigate them.
  8. 8. Explore password security, weaknesses and disaster recovery methods.
  9. 9. Describe the importance of network security and the tools used for computer forensic analysis in a
    network environment.
  10. 10. Examine various log files, port scans, packet sniffers, registry files, etc., for computer forensic evidence.
  11. 11. Describe the potential damage associated with compromised computer network systems.