Digital Forensics Courses

For 506 Database Security and Forensics (3)

The course will teach principles, technologies, tools and trends for data and applications security. Topics to be covered include: confidentiality, privacy and trust management, secure databases, secure distributed systems, and data privacy. Students will work in teams on their semester project and will have weekly sessions with the faculty instructor who will review their work. Prerequisites: Students taking this course should have prior knowledge of SQL. Not open to students who have completed and passed BFor 306.

For 515 Tools for AI and Data Analytics (3)

In this course students will learn the fundamental skills required to engage advanced data analytics. The course will include the use of Python and R programming that students will apply to basic problems of classification, clustering, and regression. Assessing data quality and data clean-up in preparation for use in analytics is also covered.

For 516 Advanced Data Analytics for Cyber Security (3)

This course will cover data analysis applications in a variety of situations, including intrusion detection, fraud detection, behavioral analysis and managing large, loosely-structured data sets. Students will learn widely-used machine learning algorithms and have hands-on experience with data preprocessing, feature extraction, and information visualization. Specific machine learning applications include classification, clustering, and regression. Before taking this course, students should have basic programming skills and a sufficient mathematical background in probability, statistics, and linear algebra. The course will primarily use Python to implement the data processing and analysis. Prerequisites: Students taking this course should have prior knowledge of elementary statistics and programming for security analytics. Students who have received credit for BFOR416 cannot receive credit for this course. 

For 519 System Administration and Operating System Concepts (3)

A practical study of the secure management of multiple internet connected server and workstation computers. System setup and periodic maintenance (with topics such as OS installation, file systems, application server software builds, patching, performance monitoring) combined with issues of availability (including networking and remote access, backup and restores, user accounts) and interoperability issues. Prerequisites: Students taking this course should have prior knowledge of elementary statistics and programming for security analytics. Not open to students who have completed and passed BFor 419.

For 520 Open Source Intelligence and Social Network Analysis (OSINT and SNA) (3)

The comprehensive nature of data available online - social media, blogs, news articles - facilitates its solicitation by corporations, government, law enforcement agencies for constructing human subject profiles, evaluation public opinion, tracking customer loyalty and conducting near real rime decision making. Notwithstanding the ethical and privacy concerns of these practices, it is important to understand how Open Source Intelligence (OSINT) gathering and analysis in the age of Internet has formed a legitimate practice that has had and will continue to have significant impact on governance society.
In this course, students will learn about various facets of open source intelligence and how it is collected and analyzed. In addition, we will be focusing on Dark web - a challenging frontier for OSINT with significant potential for actionable intelligence. From a methodological perspective, we will also be covering how modeling OSINT data using social network analysis methods can provide critical insights that can help analysts connect the dots between seemingly heterogenous information. Students who received credit for For 430 cannot receive credit for this course.

For 525 Advanced Networking (3)

The course builds on the knowledge of networking fundamentals and teaches students how to deploy, configure, and troubleshoot networks. It also covers various routing protocols including routing of encrypted traffic, concepts of advanced networking (including wireless networks), and network security. Available and scalable connectivity at the network level through the practical application of dynamic connectivity are explored in a virtual lab environment. Students in this course will understand and apply critical concepts and technologies that are necessary for computer networks to function reliably and securely. The topics covered in this course also include traffic logging, system reporting, VPN & Dark Web, firewall, IPv6 implementation, DNS infrastructure, and wireless networks.

For 610 International Cyber Conflicts (3)

Cyber Security is an international problem where the perpetrators and victims of attacks may be in completely disparate locations. Cyber attacks have morphed from cyber crime and amateur display of prowess into cyber warfare and espionage among nations. While the issues are international there is little consensus on how to investigate them, create universally acceptable norms, and create international laws across multiple countries to manage them. This course discusses some of these sensitive issues regarding information security and cyber warfare. The hope is to improve understanding between professionals and students across countries in order to foster cooperation in resolving cyber conflicts. The class will include cases and discussions that will touch on the sensitive security related topics.

For 611 Supervisory Control And Data Acquisition (SCADA) Forensics (3)

Supervisory Control And Data Acquisition (SCADA) systems are computer systems controlling large-scale, industrial equipment, often underlying important infrastructural assets such as power plants, water distribution facilities, and communication networks. This class is intended to familiarize students with how to forensically investigate and secure SCADA system. Due to the nature and impact of SCADA systems on human lives they typically have more requirements than standard systems. Because SCADA systems are imbedded into critical infrastructure it is vital to understand the regulatory compliance and system governance associated with these systems. As recent events, both domestically and internationally, have demonstrated, SCADA forensics skills are increasingly important and in demand today. Prerequisites: Students taking this course should have prior knowledge of Elementary Statistics.

For 613 Multimedia Forensics (3)

This course prepares students to conduct digital forensic examinations on multimedia evidence, specifically images, videos and audio files. The course builds student knowledge from the basics of multimedia types to being able to recognize anomalies in the files and identify file creation attributes. Students will learn how to examine multimedia files manually and through automated processes utilized by digital forensic tools. Students will prepare written reports outlining their findings of analysis, in a professionally acceptable manner, pursuant to administrative, civil and criminal legal proceedings. Students taking this course should have prior knowledge of Elementary Statistics. Student who have received credit BFor 413 cannot receive credit for this course.

For 614 Cyber Threat Modeling (3)

This course is an introduction to cyber threat modeling from a variety of perspectives.  Included in the course are threat modeling, application of cyber threat intelligence, analysis of technical threats, 360-degree cyber threat analysis techniques, data and information sources that feed the threat analysis cycle and hands-on exercises using security data.  The course is heavily lab-oriented and each class will have a specific lab objective to be achieved by students working in teams of two.  Periodic quizzes will make up the testing portion of the course but instead of a mid-term and final exam there will be a final lab exercise that will involve all of the tools and techniques used during the course.  That final lab will be constructed from real world events occurring during the final half of the semester. Students also will prepare a research project and present it both as a formal paper to be turned in and a class presentation. Prerequisite: Students taking this course should have a working knowledge of Networking (TCP/IP protocol stack)..

For 615 Hacking for Penetration Testers (3)

This course teaches students to test the defenses of a network and identify the vulnerabilities in the system by deploying tools used by hackers to anticipate how hackers might compromise networks. The course starts with an overview of the network fundamentals including protocols at different levels of the network stack. It then takes the student through the various steps of network intrusion starting with gathering information of the target network from open source intelligence, conducting reconnaissance of the network, identifying the tools to exploit the vulnerabilities, and launching attacks. The attacks covered include, spoofing, session hijacking, denial-of-services, etc. This course cannot be taken if BFOR415 is taken.

For 616 Business Applications of AI (3)

From reengineering manufacturing to self-driving cars to digital humans, Artificial Intelligence and Machine Learning have created a new frontier of science and business. All dimensions of business, including, finance, marketing, cybersecurity, and management can benefit from AI, yet we face some dystopian threats from it. The AI systems themselves are subject to cyberattacks - data poisoning, contrived data injection, etc. This course explores the promise of AI across the spectrum of businesses and the threats associated with AI and ML. Societal impacts, ways to mitigate threats, ethical considerations, technical details of AI systems, and system threat vectors will be discussed.

For 618 Reverse Engineering Malware (3)

Reverse engineering of malware is the process of examining the disassembled code of malware via a disassembled or hex editor to better understand the code logic and hence, the design tactics of various malware genres. This course mainly teaches basic, intermediate and advanced reverse engineering techniques to retrieve malware code and interpret their behavior. To this end, the course covers both theoretical and practical aspects of this domain. First, the course presents each step of malware reverse engineering including disassembling, assembly code interpretation, source code generation, code flow analysis, information flow analysis and debugging. This course also discusses recent research developments in the domain of malware and binary analysis. Furthermore, the design and behavior of various recent impactful malware are described in the course. Second, each lecture follows with a hands-on lab session, which allows students to analyze real-world malware samples in a quarantined environment. Such analysis helps to adopt appropriate countermeasures accordingly. Prerequisites: Students taking this course should have have knowledge of cyber security fundamentals. Not open to students who have completed and passed BFor 418.

For 620 National Cybersecurity Challenge Problems (3)

This course exposes students to national cybersecurity challenge problems that our National Labs are currently dealing with and is suitable for seniors who are majors in Digital Forensics, Computer Science, Mathematics, and Cybersecurity. This is an experiential learning course where student teams will work closely with the faculty instructor and scientists in a National Lab or a Government Agency dealing with cyber security or intelligence problems. Students will work in teams to plan and solve the problems.

For 632 Cyber Threat Hunting (3)

Cyber threat hunting involves using intelligence to find threats within an organization that may evade traditional security measures. In this course students will learn about sources of threat intelligence and techniques for understanding these sources. Students will also learn the MITRE and leverage the MITRE and ATT&CK knowledge base for the development of specific threat models for organizations. Students will use machine learning to train models for identifying cyber threats from data and the course will conclude with students learning to employ active defense mechanisms in organizations for engaging with adversaries and understanding the potential threats thought honey pots and honey nets.

For 642 Computer Forensics (3)

Computer forensics is a relatively new field focused on solving computer crime that is an amalgamation of forensics investigative techniques, computer security, and law. Computer forensics is the study of cyber attack reporting, detection, and response by logging malicious activity and gathering court-admissible chains-of-evidence using various forensic tools able to trace back the activity of hackers. The course provides students with training in collection and preserving evidence from computers and networks.

For 643 Incident Handling (3)

The course primarily involves management of computer security incidents, including detailing different types of incidents, identification, preparation, and analysis of incidents; as well as gathering of evidence, recovery and follow-up to computer security incidents.

For 650 Cyber Vulnerability Exploitation (3)

Managing computer vulnerabilities is a key issue for organizations. In this course students will gain an understanding of vulnerabilities and their management as well as common scoring systems that organizations use to manage their security vulnerabilities. This course identifies how attack vectors can be used for exploitation using hands-on laboratories and covers the entire hacking process. The later part of the course will cover exploitation of SCADA systems explaining vulnerabilities and attack vectors specific to ICS/SCADA protocols, applications, hardware, severs, and workstations.

This course will cover topics of temporal or special interest in Digital Forensics which will not be made a curricular requirement for a degree. The topics of interest will be based on current events, emerging trends in forensic technology and policy. Course may be repeated once when the topic varies.