COMP-3731 Details

COMP 3731 Computer Forensics

About This Course

There are many different job roles in the area of cybersecurity. In this class we will focus on the roles of incident responder and investigator, covering the tools, techniques, and playbooks used when collecting computer forensics data about an incident.

In this course you will learn what computer forensics is, how to correctly collect forensic information without altering the state of the system being analyzed, and how to interpret the information collected to build a complete timeline of the incident under investigation. We will cover memory, file systems, and networks at a high level, since understanding these concepts is critical to collecting forensic information. You will also learn to develop scripts in Bash and Python that facilitate data collection.

Course Objectives

By the end of this course, you should be able to:

  • Understand how computer forensics fits into the larger discipline of cybersecurity, and what role it plays in computer security
  • Create forensics toolkits that enable the analysis of target workstations without altering their state
  • Understand how memory works in Linux, and how you can capture the current state of memory
  • Understand how computer networks function at a high level, and be able to capture network requests made by a system in order to analyze them
  • Understand how the Linux file system works, and how you can create a copy of that file system without altering its state
  • Develop and execute forensic scripts using Bash
  • Develop and execute forensic scripts using Python
  • Perform live forensics analysis against a running system to determine if it has been compromised
  • Perform dead forensics analysis to determine exactly how a system was compromised, and what malware has been installed
  • Organize forensics data to create a timeline of an incident

Course Topics

This course will cover the following topics:

  • Slack, and how to communicate with a team
  • Git and how to use it
  • Bash scripting
  • The Python programming language
  • High-level introductions to computer memory, file systems, and networking in Linux
  • Methods for collecting and analyzing computer forensics information in Linux