Faculty of Health, Engineering and Science

School: Computer and Security Science

This unit information may be updated and amended immediately prior to semester. To ensure you have the correct outline, please check it again at the beginning of semester.

  • Unit Title

    Network Forensics
  • Unit Code

    CSG6223
  • Year

    2015
  • Enrolment Period

    1
  • Version

    1
  • Credit Points

    20
  • Full Year Unit

    N
  • Mode of Delivery

    On Campus
    Online

Description

This unit is an introduction to the tools and techniques used in the forensic recovery of data from networks. Evidence in networks and communications systems is often of a highly volatile nature and as a result needs special consideration and techniques for acquisition and preservation. The unit will focus on the recovery and analysis of evidence from TCP/IP based networks and enabled devices.

Prerequisite Rule

Students must pass 1 units from CSI4102, CSI5122

Equivalent Rule

Unit was previously coded CSG5107

Learning Outcomes

On completion of this unit students should be able to:

  1. Analyse an environment for network forensics including design and implementation of policy with particular reference to TCP/IP networks.
  2. Apply forensics tools and techniques to recover evidence from various network based scenarios.
  3. Demonstrate network forensics procedures.
  4. Formulate on a special forensics issue associated with TCP/IP networks, common network services such as email, FTP, www and physical network devices such as routers and network switches.
  5. Interpret current network security and forensic issues.
  6. Reflect on current digital device legal issues and relate it to the managementof network and communications forensics.
  7. Research network and network based forensics.

Unit Content

  1. Current issues in network forensics.
  2. Encryption, decryption, cryptanalysis techniques and uses in network forensics.
  3. Ethical and legal positions of network forensics application.
  4. Future issues and trends.
  5. Management issues and policy determination in network forensics.
  6. Physical, environmental and organisational considerations for deploying network forensics initiatives.
  7. The forensic process as it relates to networks.

Additional Learning Experience Information

Lectures, workshops, case studies, and practical exercises

Assessment

GS1 GRADING SCHEMA 1 Used for standard coursework units

Students please note: The marks and grades received by students on assessments may be subject to further moderation. All marks and grades are to be considered provisional until endorsed by the relevant Board of Examiners.

ON CAMPUS
TypeDescriptionValue
AssignmentNetwork analysis40%
Research PaperNetwork forensics research paper40%
ExerciseLaboratory exercises20%
ONLINE
TypeDescriptionValue
AssignmentNetwork analysis40%
Research PaperNetwork forensics research paper40%
ExerciseLaboratory exercises20%

Text References

  • Davidoff, S. & Ham, J. (2012). Network Forensics: Tracking Hackers through Cyberspace. Upper Saddle River, USA:Prentice Hall. Note: Seminal Reference.

  • Carvey, H. A. (2005). Windows forensics and incident recovery. Boston, MA: Addison-Wesley.
  • Chappell, L. (2002). Packet filtering: catching the cool packets!. Saratoga, NSW: podbooks.com.
  • Chappell, L. (2007). Guide to TCP/IP (3rd ed.). Boston, MA: Course Technology.
  • Cheswick, W. R. (2003). Firewalls and internet security: repelling the wily hacker. Boston, MA: Addison-Wesley.
  • Nelson, B. (2006). Guide to computer forensics and investigations. Boston, MA: Thomson Course Technology.
  • Vacca, J. R. (2005). Computer forensics: computer crime scene investigation. Hingham, MA: Charles River Media.

Journal References

  • Computers and Security
  • International Journal of Digital Evidence and Investigation
  • Journal of Information Warfare
  • Computer and Information Security
  • Digital Investigation: The International Journal of Digital Forensics & Incident

Disability Standards for Education (Commonwealth 2005)

For the purposes of considering a request for Reasonable Adjustments under the Disability Standards for Education (Commonwealth 2005), inherent requirements for this subject are articulated in the Unit Description, Learning Outcomes and Assessment Requirements of this entry. The University is dedicated to provide support to those with special requirements. Further details on the support for students with disabilities or medical conditions can be found at the Access and Inclusion website.

Academic Misconduct

Edith Cowan University has firm rules governing academic misconduct and there are substantial penalties that can be applied to students who are found in breach of these rules. Academic misconduct includes, but is not limited to:

  • plagiarism;
  • unauthorised collaboration;
  • cheating in examinations;
  • theft of other students' work;

Additionally, any material submitted for assessment purposes must be work that has not been submitted previously, by any person, for any other unit at ECU or elsewhere.

The ECU rules and policies governing all academic activities, including misconduct, can be accessed through the ECU website.

CSG6223|1|1

Faculty of Health, Engineering and Science

School: Computer and Security Science

This unit information may be updated and amended immediately prior to semester. To ensure you have the correct outline, please check it again at the beginning of semester.

  • Unit Title

    Network Forensics
  • Unit Code

    CSG6223
  • Year

    2015
  • Enrolment Period

    2
  • Version

    1
  • Credit Points

    20
  • Full Year Unit

    N
  • Mode of Delivery

    On Campus
    Online

Description

This unit is an introduction to the tools and techniques used in the forensic recovery of data from networks. Evidence in networks and communications systems is often of a highly volatile nature and as a result needs special consideration and techniques for acquisition and preservation. The unit will focus on the recovery and analysis of evidence from TCP/IP based networks and enabled devices.

Prerequisite Rule

Students must pass 1 units from CSI4102, CSI5122

Equivalent Rule

Unit was previously coded CSG5107

Learning Outcomes

On completion of this unit students should be able to:

  1. Analyse an environment for network forensics including design and implementation of policy with particular reference to TCP/IP networks.
  2. Apply forensics tools and techniques to recover evidence from various network based scenarios.
  3. Demonstrate network forensics procedures.
  4. Formulate on a special forensics issue associated with TCP/IP networks, common network services such as email, FTP, www and physical network devices such as routers and network switches.
  5. Interpret current network security and forensic issues.
  6. Reflect on current digital device legal issues and relate it to the managementof network and communications forensics.
  7. Research network and network based forensics.

Unit Content

  1. Current issues in network forensics.
  2. Encryption, decryption, cryptanalysis techniques and uses in network forensics.
  3. Ethical and legal positions of network forensics application.
  4. Future issues and trends.
  5. Management issues and policy determination in network forensics.
  6. Physical, environmental and organisational considerations for deploying network forensics initiatives.
  7. The forensic process as it relates to networks.

Additional Learning Experience Information

Lectures, workshops, case studies, and practical exercises

Assessment

GS1 GRADING SCHEMA 1 Used for standard coursework units

Students please note: The marks and grades received by students on assessments may be subject to further moderation. All marks and grades are to be considered provisional until endorsed by the relevant Board of Examiners.

ON CAMPUS
TypeDescriptionValue
AssignmentNetwork analysis40%
Research PaperNetwork forensics research paper40%
ExerciseLaboratory exercises20%
ONLINE
TypeDescriptionValue
AssignmentNetwork analysis40%
Research PaperNetwork forensics research paper40%
ExerciseLaboratory exercises20%

Text References

  • Davidoff, S. & Ham, J. (2012). Network Forensics: Tracking Hackers through Cyberspace. Upper Saddle River, USA:Prentice Hall. Note: Seminal Reference.

  • Carvey, H. A. (2005). Windows forensics and incident recovery. Boston, MA: Addison-Wesley.
  • Chappell, L. (2002). Packet filtering: catching the cool packets!. Saratoga, NSW: podbooks.com.
  • Chappell, L. (2007). Guide to TCP/IP (3rd ed.). Boston, MA: Course Technology.
  • Cheswick, W. R. (2003). Firewalls and internet security: repelling the wily hacker. Boston, MA: Addison-Wesley.
  • Nelson, B. (2006). Guide to computer forensics and investigations. Boston, MA: Thomson Course Technology.
  • Vacca, J. R. (2005). Computer forensics: computer crime scene investigation. Hingham, MA: Charles River Media.

Journal References

  • Computers and Security
  • International Journal of Digital Evidence and Investigation
  • Journal of Information Warfare
  • Computer and Information Security
  • Digital Investigation: The International Journal of Digital Forensics & Incident

Disability Standards for Education (Commonwealth 2005)

For the purposes of considering a request for Reasonable Adjustments under the Disability Standards for Education (Commonwealth 2005), inherent requirements for this subject are articulated in the Unit Description, Learning Outcomes and Assessment Requirements of this entry. The University is dedicated to provide support to those with special requirements. Further details on the support for students with disabilities or medical conditions can be found at the Access and Inclusion website.

Academic Misconduct

Edith Cowan University has firm rules governing academic misconduct and there are substantial penalties that can be applied to students who are found in breach of these rules. Academic misconduct includes, but is not limited to:

  • plagiarism;
  • unauthorised collaboration;
  • cheating in examinations;
  • theft of other students' work;

Additionally, any material submitted for assessment purposes must be work that has not been submitted previously, by any person, for any other unit at ECU or elsewhere.

The ECU rules and policies governing all academic activities, including misconduct, can be accessed through the ECU website.

CSG6223|1|2