This course introduces the principles, challenges, and techniques related to computer forensics, with a focus on the investigation and analysis of digital evidence in the context of a forensic examination or an incident response case.
In particular, students will learn how to collect, preserve, examine data (by using open source tools), and extract evidence from computers, mobile devices, and networks -- while maintaining forensic soundness and chain of custody. Key topics covered in the course include disks and file system analysis, memory forensics, network traffic inspection, and the analysis of Windows and Linux operating system artifacts.
Tentative Schedule:
- Introduction to digital forensics
- Network traffic analysis
- Disk and filesystem analysis
- OS and software artifacts
- Memory forensics
- Forensics of mobile devices
