Computer Network Forensics Course Outline

This course covers computer and network forensics. The course objective is to explore methods for capturing, recording, and analyzing network traffic to detect and investigate network intrusions. The course has 13 chapters that cover topics such as network components, protocols, security, threats, forensic analysis, investigations, traffic analysis, intrusion detection, email forensics, and virus/malware detection. Upon completing the course, learners will be able to identify network types, security threats, approaches to security analysis, evaluate the impact of networks and laws on investigations, and utilize tools to conduct packet analysis and legally preserve digital evidence.

Uploaded by

sama clinton

COURSE TITLE: COMPUTER / NETWORK FORENSICS.

COURSE INSTRUCTOR: ENG. ASOBO PEUPAH J.

COURSE OBJECTIVE: This course is aimed at exploring methods for capturing, recording, and
analyzing network traffic for the purpose of detecting and investigating network system intrusions.

COURSE OUTCOMES: Upon completion of the course, learners should be able to:

- Identify network types and components.

- Discover types of network security threats and digital crimes.

- Indicate approaches to network security and forensic analysis.

- Evaluate the impact of network types and laws on network forensics investigations.

- Utilize tools and apply best practices to conduct flow and packet analysis.

- Apply best practices to collect, preserve, and transport evidence of digital intrusions.

- Create a self-contained evidence report in a legally appropriate and defensible document.

OUTLINE: 13 CHAPTERS.

CHAPTER 1: NETWORK COMPONENTS.

OBJECTIVES: This chapter discusses different types of networks, telecommunication
hardware, network nodes and the network interface card (NIC).

LESSONS:

i. OVERVIEW OF BASIC CONCEPTS OF COMPUTER NETWORKS: DEFINITION,
ADVANTAGES, DISADVANTAGES, EXAMPLES.
ii. TYPES OF NETWORKS: LAN, WAN, WLAN, MAN, SAN, PAN, EPN & VPN.
iii. TELECOMMUNICATION HARDWARE: ROUTERS, MODEMS, SWITCHES,
BRIDGES, and GATEWAYS.
iv. NETWORK INTERFACE CARDS (NIC): DEFINITION, FUNCTION, TYPES.
v. NETWORK NODE: DEFINITION, COMPONENTS & EXAMPLES.
vi. NETWORK NODE TYPES: BROADCAST, POINT-TO-POINT, MULTI-HOMED &
HYBRID.
vii. BACKBONE NETWORKS: DEFINITION, TYPE, and USES.
viii. THE FUTURE OF NETWORKING: TRENDS & CHALLENGES.
ix. CHAPTER 1 PRACTICE TEST

CHAPTER 2: NETWORK PROTOCOLS OVERVIEW.

OBJECTIVES: This chapter aims at defining network protocols, POST OFFICE PROTOCOL (POP),
SIMPLE MAIL TRANSFER PROTOCOL (SMTP), AND INTERNET MESSAGE ACCESS
PROTOCOL (IMAP). This chapter also describes the different layers of the OSI network
reference model.

LESSONS:

i. WHAT IS A NETWORK PROTOCOL? – TYPES & LIST
ii. APPLICATION LAYER OF THE OSI MODEL: DEFINITION, FUNCTION &
PROTOCOLS
iii. PRESENTATION LAYER OF THE OSI MODEL: DEFINITION, FUNCTION &
PROTOCOLS
iv. SESSION LAYER OF THE OSI MODEL: DEFINITION, FUNCTIONS, PROTOCOLS &
EXAMPLES.
v. TRANSPORT LAYER OF THE OSI MODEL: DEFINITION, FUNCTIONS, SECURITY
& PROTOCOLS.
vi. NETWORK LAYER OF THE OSI MODEL: DEFINITION, FUNCTIONS, DESIGN &
SECURITY.
vii. DATALINK LAYER OF THE OSI MODEL: DEFINITION, FUNCTIONS, PROTOCOLS,
& DESIGN.
viii. PHYSICAL LAYER OF THE OSI MODEL: DEFINITION, COMPONENTS & MEDIA.
ix. WHAT IS A COMMUNICATION PROTOCOL? – TCP/IP & EXPLANATION
x. POST OFFICE PROTOCOL(POP): DEFINITION & OVERVIEW
xi. SIMPLE MAIL TRANSFER PROTOCOL: DEFINITION & USES.
xii. INTERNET MESSAGE ACCESS PROTOCOL: DEFINITION & USES.
xiii. CHAPTER 2 PRACTICE TEST.

CHAPTER 3: NETWORK SECURITY FUNDAMENTALS.

OBJECTIVES: This chapter lists the types of network security and explains its importance.
Offers explanations of network security design, risk assessments, audits and policies.

LESSONS:

i. WHAT IS NETWORK SECURITY? – DEFINITION & FUNDAMENTALS.
ii. WHY IS NETWORK SECURITY IMPORTANT?
iii. TYPES OF NETWORK SECURITY
iv. WIRELESS NETWORK SECURITY ISSUES AND SOLUTIONS.
v. HOW TO SECURE A WIRELESS NETWORK: BEST PRACTICE & MEASURES.
vi. HOW TO TEST NETWORK SECURITY.
vii. WHAT IS A NETWORK SECURITY POLICY? – PROCEDURES & EXAMPLES.
viii. NETWORK SECURITY DESIGN: BEST PRACTICE & PRINCIPLES.
ix. NETWORK SECURITY RISK ASSESSMENT: CHECKLIST & METHODOLOGY.
x. NETWORK SECURITY AUDIT: TOOLS & CHECKLIST.
xi. CHAPTER 3 PRACTICE TEST.

CHAPTER 4: NETWORK THREATS & DIGITAL CRIMES.

OBJECTIVES: This chapter explains computers as a means of cybercrime, types of attacks in
network security, cybersecurity vulnerabilities and the damage of intellectual capital.
Describes attacks, espionage and vandalism in digital crime.

LESSONS:

i. COMPUTER AS A MEANS FOR CYBERCRIME.
ii. NETWORK SECURITY THREATS: TYPES & VULNERABILITIES.
iii. TYPES OF ATTACKS IN NETWORK SECURITY.
iv. WHAT IS MALWARE? – DEFINITION, EXAMPLE & TYPES.
v. TYPES OF COMPUTER VIRUSES: DEFINITIONS, FUNCTIONS & EXAMPLES.
vi. HOW COMPUTER VIRUSES ARE USED IN CRIME.
vii. CYBERSECURITY VULNERABILITIES: DEFINITIONS & TYPES
viii. ATTACKS IN DIGITAL CRIME: DEFINITION, TYPES & VULNERABILITIES
ix. HOW HUMAN ERROR LEADS TO DIGITAL ATTACKS
x. ESPIONAGE IN DIGITAL CRIME: DEFINITION & TYPES.
xi. VANDALISM IN DIGITAL CRIME: DEFINITION, TYPES & EVIDENCE.
xii. DAMAGE OF INTELLECTUAL CAPITAL: METHODS & EXAMPLES.
xiii. THEFT AS A DIGITAL CRIME.
xiv. CHAPTER 4 PRACTICE TEST.

CHAPTER 5: NETWORK FORENSIC ANALYSIS.

OBJECTIVES: This chapter teaches ways to monitor a network for anomalous traffic, analyze
network event logs, identify intrusions, search for keywords and parse human
communications in network forensic analysis.

LESSONS:

i. NETWORK FORENSIC ANALYSIS: DEFINITION & PURPOSE.
ii. MONITORING A NETWORK FOR ANOMALOUS TRAFFIC
iii. IDENTIFYING INTRUSION IN NETWORK FORENSIC ANALYSIS.
iv. ANALYSING NETWORK EVENT LOGS: PROCESS & APPROACH.
v. REASSEMBLING TRANSFERRED FILES IN NETWORK FORENSIC ANALYSIS.
vi. SEARCHING FOR KEYWORDS IN NETWORK FORENSIC ANALYSIS.
vii. PARSING HUMAN COMMUNICATIONS IN NETWORK FORENSIC ANALYSIS.
viii. CHAPTER 5 PRACTICE TEST.

CHAPTER 6: NETWORK FORENSIC INVESTIGATIONS.

OBJECTIVES: This chapter discusses digital forensics software, evidence in digital
crimes and the impact of network type on network forensic investigations. Outlines how to
undo the deletion of data, handle digital evidence and conduct computer investigations.

LESSONS:

i. WHAT IS COMPUTER FORENSICS? – DEFINITION & EXAMPLES.
ii. THE DIGITAL FORENSICS PROCESS.
iii. CONDUCTING COMPUTER INVESTIGATIONS & COMPUTER FORENSICS.
iv. IMPACT OF NETWORK TYPE ON NETWORK FORENSIC INVESTIGATIONS.
v. HOW COUNTRY LAWS IMPACT NETWORK FORENSICS INVESTIGATIONS.
vi. EVIDENCE IN DIGITAL CRIMES: TYPES & DETERMINATION.
vii. ISSUES IN DIGITAL EVIDENCE: RULES & TYPES.
viii. DIGITAL FORENSICS SOFTWARE: TYPES & BENEFITS.
ix. REVERSE ENGINEERING IN DIGITAL FORENSICS
x. UNDOING DELETION OF DATA FOR DIGITAL FORENSICS.
xi. HANDLING DIGITAL EVIDENCE IN NETWORK FORENSIC INVESTIGATIONS.
xii. LEGAL ASPECTS OF DIGITAL CRIMINAL EVIDENCE.
xiii. REQUIRED ASSIGNMENTS REMINDER.
xiv. CHAPTER 6 PRACTICE TEST.

CHAPTER 7: TRAFFIC ANALYSIS IN NETWORK FORENSICS.

OBJECTIVES: This chapter offers an overview of network traffic analysis, network scanners
and network traffic flows and sessions. Explains how to capture network traffic, use sniffers
in monitoring networks and detect network and port scans.

LESSONS:

i. CAPTURING NETWORK TRAFFIC: DEFINITION & PROCESSES.
ii. NETWORK NODE: ANALYSIS, MANAGEMENT & MONITORING.
iii. NETWORK TRAFFIC ANALYSIS: FLOW ANALYSIS VS PACKET ANALYSIS.
iv. NETWORK TRAFFIC FLOW & SESSIONS: ANALYSIS AND PATTERNS.
v. WHAT IS A NETWORK SCANNER? – DEFINITION AND USE.
vi. DETECTING NETWORK & PORT SCANS: SIGNIFICANCE & METHODS.
vii. DETECTING ILLEGITIMATE TCP STATE SEQUENCES: SIGNIFICANCE &
METHODS.
viii. USING REGRESSION MODEL TO DETECT ANOMALOUS PATTERNS IN
NETWORK TRAFFIC.
ix. USING SNIFFERS IN MONITORING NETWORKS
x. CHAPTER 7 PRACTICE TEST.

CHAPTER 8: DETECTING & PREVENTING NETWORK INTRUSIONS.

OBJECTIVES: This chapter describes the intrusion detection system (IDS), intrusion
prevention system (IPS), firewall in network security and proxy server.

LESSONS:

i. INTRUSION DETECTION SYSTEMS (IDS) IN DATA SECURITY.
ii. INTRUSION PREVENTION SYSTEMS (IPS): DEFINITION & TYPES.
iii. WHAT IS A FIREWALL IN NETWORK SECURITY? – ROLE & USE.
iv. FIREWALLS IN NETWORK SECURITY: FEATURES & FUNCTIONS.
v. PROXY SERVER: DEFINITION, CONFIGURATION & FUNCTIONALITY.
vi. SECURITY PERIMETER: DEFINITION, SOLUTIONS & DEVICES.
vii. PRACTICE DETECTING AND PREVENTING NETWORK BREACHES.
viii. CHAPTER 8 PRACTICE TEST.

CHAPTER 9: EMAIL & DIGITAL FORENSICS.

OBJECTIVES: This chapter explores the role of email headers in digital forensics
investigations and how to trace emails and email servers. Discusses email in digital forensics
and digital forensics laws.

LESSONS:

i. EMAIL IN DIGITAL FORENSICS & CRIME.
ii. THE ROLE OF EMAIL HEADERS IN DIGITAL FORENSICS INVESTIGATIONS
iii. TRACING EMAILS & EMAIL SERVERS FOR DIGITAL FORENSICS.
iv. EMAIL & DIGITAL FORENSICS LAWS.
v. CHAPTER 9 PRACTICE TEST.

CHAPTER 10: VIRUS & MALWARE DETECTION.

OBJECTIVES: This chapter defines computer virus remediation, advanced malware, mobile
malware and malware analysis. Lists methods for detecting computer viruses.

LESSONS:

i. METHODS FOR DETECTING COMPUTER VIRUSES.
ii. COMPUTER VIRUS REMEDIATION: PROCESS & RESOURCES.
iii. ADVANCED MALWARE: PROTECTION, ANALYTICS & DETECTION.
iv. MOBILE MALWARE: ANALYSIS & DETECTION.
v. MOBILE MALWARE: PROTECTION & REMOVAL.
vi. MALWARE ANALYSIS: TOOLS & REMOVAL.
vii. CHAPTER 10 PRACTICE TEST.

CHAPTER 11: NETWORK ENCRYPTION OVERVIEW.

OBJECTIVES: This chapter discusses basic encryption methods, IPSec vs. SSL, RSA algorithms,
AES and DES. Defines public key encryption, SSH proxy tunnels, symmetric encryption and
HTTPS encryption.

LESSONS:

i. BASIC ENCRYPTION METHODS.
ii. WHAT IS ADVANCED ENCRYPTION STANDARD (AES)? – DEFINITION AND
OVERVIEW.
iii. WHAT IS DATA ENCRYPTION STANDARD (DES)?
iv. SYMMETRIC ENCRYPTION: DEFINITION & EXAMPLE.
v. RSA ALGORITHM: ENCRYPTION & EXAMPLE.
vi. BLOWFISH ENCRYPTION: STRENGTH & EXAMPLE.
vii. IPsec VS SSL.
viii. HTTPS ENCRYPTION.
ix. WPA VS WPA2 ENCRYPTION.
x. WPA VS WEP ENCRYPTION.
xi. VPN ENCRYPTION.
xii. PUBLIC KEY ENCRYPTION: DEFINITION & EXAMPLE.
xiii. SSH PROXY TUNNELS.
xiv. HOW ENCRYPTION METHODS ARE BROKEN.
xv. CHAPTER 11 PRACTICE TEST.

CHAPTER 12: INCIDENT RESPONSE IN NETWORK FORENSICS.

OBJECTIVES: This chapter explains the purpose of first responders and breach control in
network forensics. Describes the digital forensics lab and how to create evidence reports in
network forensics.

LESSONS:

i. FIRST RESPONSE IN NETWORK FORENSICS: ROLE & PURPOSE.
ii. BREACH CONTROL IN NETWORK FORENSICS: DEFINITION, PURPOSE &
EXAMPLES.
iii. CREATING EVIDENCE REPORTS IN NETWORK FORENSICS: COMPONENTS &
STEPS.
iv. DISASTER RECOVERY & PRESERVING DIGITAL FORENSIC EVIDENCE.
v. THE DIGITAL FORENSICS LAB: REQUIREMENTS & DESIGN.
vi. CHALLENGES & TRENDS IN DIGITAL CRIME.
vii. TRENDS IN DIGITAL FORENSICS SCIENCE.
viii. CHAPTER 12 PRACTICE TEST.

CHAPTER 13: REQUIRED ASSIGNMENT FOR COMPUTER/NETWORK FORENSICS.

i. NETWORK FORENSICS – ASSIGNMENT 1: IDENTIFYING & PREVENTING
NETWORK ATTACKS.
ii. NETWORK FORENSICS – ASSIGNMENT 2: LEGAL & ETHICAL COMPONENTS
OF NETWORK FORENSIC INVESTIGATIONS.
iii. NETWORK FORENSICS – ASSIGNMENT 3: VIRTUAL LABS.

END OF COURSE PRACTICE EXAM.
