Digital Forensics Courses

For 506 Database Security and Forensics (3)

The course will teach principles, technologies, tools and trends for data and applications security. Topics to be covered include: confidentiality, privacy and trust management, secure databases, secure distributed systems, and data privacy. Students will work in teams on their semester project and will have weekly sessions with the faculty instructor who will review their work. Students who have taken BFor 306 are not eligible to take this course. Prerequisites: BFor 205 or knowledge of SQL. Not open to students who have completed and passed BFor 306.

For 516 Data Analytics for Cyber Security (3)

This course will cover data analysis applications in a variety of situations, including intrusion detection, fraud detection, behavioral analysis and managing large, loosely-structured data sets. Students will learn widely-used machine learning algorithms and have hands-on experience with data preprocessing, feature extraction, and information visualization. Specific machine learning applications include classification, clustering, and regression. Before taking this course, students should have basic programming skills and a sufficient mathematical background in probability, statistics, and linear algebra. The course will primarily use Python to implement the data processing and analysis. Prerequisites: Mat 108, Introduction to Statistics, and For 206, Programming for Security Analytics.

For 519 System Administration and Operating System Concepts (3)

A practical study of the secure management of multiple internet-connected server and workstation computers. System setup and periodic maintenance (with topics such as OS installation, file systems, application server software builds, patching, performance monitoring) combined with issues of availability (including networking and remote access, backup and restore, user accounts) and interoperability issues. Prerequisites: BFor 100 (or equivalent), BFor 206 (or equivalent). Not open to students who have completed and passed BFor 419.

For 520 Open Source Intelligence and Social Network Analysis (OSINT and SNA) (3)

The comprehensive nature of data available online (social media, blogs, news articles) facilitates its collection by corporations, government, and law enforcement agencies for constructing human subject profiles, evaluating public opinion, tracking customer loyalty and conducting near real-time decision making. Notwithstanding the ethical and privacy concerns of these practices, it is important to understand how Open Source Intelligence (OSINT) gathering and analysis in the age of the Internet has formed a legitimate practice that has had, and will continue to have, a significant impact on governance and society.
In this course, students will learn about various facets of open source intelligence and how it is collected and analyzed. In addition, we will be focusing on the Dark web, a challenging frontier for OSINT with significant potential for actionable intelligence. From a methodological perspective, we will also be covering how modeling OSINT data using social network analysis methods can provide critical insights that help analysts connect the dots between seemingly heterogeneous information.

For 610 International Cyber Conflicts (3)

Cyber security is an international problem where the perpetrators and victims of attacks may be in completely disparate locations. Cyber attacks have morphed from cyber crime and amateur displays of prowess into cyber warfare and espionage among nations. While the issues are international, there is little consensus on how to investigate them, create universally acceptable norms, and create international laws across multiple countries to manage them. This course discusses some of these sensitive issues regarding information security and cyber warfare. The hope is to improve understanding between professionals and students across countries in order to foster cooperation in resolving cyber conflicts. The class will include cases and discussions that touch on sensitive security-related topics.

For 611 Supervisory Control And Data Acquisition (SCADA) Forensics (3)

Supervisory Control And Data Acquisition (SCADA) systems are computer systems controlling large-scale industrial equipment, often underlying important infrastructural assets such as power plants, water distribution facilities, and communication networks. This class is intended to familiarize students with how to forensically investigate and secure SCADA systems. Due to the nature and impact of SCADA systems on human lives, they typically have more requirements than standard systems. Because SCADA systems are embedded into critical infrastructure, it is vital to understand the regulatory compliance and system governance associated with these systems. As recent events, both domestically and internationally, have demonstrated, SCADA forensics skills are increasingly important and in demand today. Prerequisites: R CRJ 281, A MAT 108, or equivalent; recommended B FOR 201 and 202.

For 613 Multimedia Forensics (3)

This course prepares students to conduct digital forensic examinations on multimedia evidence, specifically images, videos and audio files. The course builds student knowledge from the basics of multimedia types to being able to recognize anomalies in the files and identify file creation attributes. Students will learn how to examine multimedia files manually and through automated processes utilized by digital forensic tools. Students will prepare written reports outlining their findings of analysis, in a professionally acceptable manner, pursuant to administrative, civil and criminal legal proceedings. Graduate students will be expected to do extra or more advanced assignments. Prerequisites: R CRJ 281, A MAT 108, or equivalent; recommended B FOR 201 and 202.

For 614 Cyber Threat Modeling (3)

This course is an introduction to cyber threat modeling from a variety of perspectives. Included in the course are threat modeling, application of cyber threat intelligence, analysis of technical threats, 360-degree cyber threat analysis techniques, data and information sources that feed the threat analysis cycle, and hands-on exercises using security data. The course is heavily lab-oriented and each class will have a specific lab objective to be achieved by students working in teams of two. Periodic quizzes will make up the testing portion of the course, but instead of a mid-term and final exam there will be a final lab exercise that will involve all of the tools and techniques used during the course. That final lab will be constructed from real-world events occurring during the second half of the semester. Students also will prepare a research project and present it both as a formal paper to be turned in and as a class presentation. Prerequisite: B FOR 203 or working knowledge of networking (TCP/IP protocol stack).

For 615 Hacking for Penetration Testers (3)

This course teaches students to test the defenses of a network and identify the vulnerabilities in the system by deploying tools used by hackers, in order to anticipate how hackers might compromise networks. The course starts with an overview of network fundamentals, including protocols at different levels of the network stack. It then takes the student through the various steps of network intrusion, starting with gathering information about the target network from open source intelligence, conducting reconnaissance of the network, identifying the tools to exploit the vulnerabilities, and launching attacks. The attacks covered include spoofing, session hijacking, denial of service, and others. This course cannot be taken if BFor 415 has been taken.

For 618 Reverse Engineering Malware (3)

Reverse engineering of malware is the process of examining the disassembled code of malware via a disassembler or hex editor to better understand the code logic and hence the design tactics of various malware genres. This course mainly teaches basic, intermediate and advanced reverse engineering techniques to retrieve malware code and interpret its behavior. To this end, the course covers both theoretical and practical aspects of this domain. First, the course presents each step of malware reverse engineering, including disassembling, assembly code interpretation, source code generation, code flow analysis, information flow analysis and debugging. This course also discusses recent research developments in the domain of malware and binary analysis. Furthermore, the design and behavior of various recent impactful malware are described in the course. Second, each lecture is followed by a hands-on lab session, which allows students to analyze real-world malware samples in a quarantined environment. Such analysis helps in adopting appropriate countermeasures. Prerequisites: BFor 204 or knowledge of the fundamentals of cyber security. Not open to students who have completed and passed BFor 418.

For 620 National Cyber Security Challenge Problems (3)

This course exposes students to national cyber security challenge problems that our National Labs are currently dealing with and is suitable for seniors who are majors in Digital Forensics, Computer Science, Mathematics, and Cyber Security. This is an experiential learning course where student teams will work closely with the faculty instructor and scientists in a National Lab or a Government Agency dealing with cyber security or intelligence problems. Students will work in teams to plan and solve the problems.

For 642 Computer Forensics (3)

Computer forensics is a relatively new field focused on solving computer crime that is an amalgamation of forensic investigative techniques, computer security, and law. Computer forensics is the study of cyber attack reporting, detection, and response by logging malicious activity and gathering court-admissible chains of evidence using various forensic tools able to trace back the activity of hackers. The course provides students with training in collecting and preserving evidence from computers and networks.

For 643 Incident Handling (3)

The course primarily involves the management of computer security incidents, including detailing different types of incidents; identification, preparation, and analysis of incidents; and the gathering of evidence, recovery and follow-up for computer security incidents.