For more information contact Amruthur Narasimhan at anarasimhan@ieee.org or 732 957 0850

Amrutek Services Inc.

Security, WLAN, VoIP, eBusiness, & Data Networking solutions

Last updated Sept 28, 2006

Information Technology Security Forensics: Tools and Techniques

Tentative Schedule:

AM:

❑ Introduction to Cybersecurity Forensics
    ➢ Growing Threats/Attacks
    ➢ What is Cybersecurity Forensics?
    ➢ Locard’s Exchange Principle
    ➢ Phases of Computer Forensic Investigation
    ➢ Basic Methodology of Computer Forensics
    ➢ IT Requirements for Forensics
    ➢ Major Issues in Cybersecurity Forensics

❑ Forensics Evidence
    ➢ What is Evidence?
    ➢ Evidence Collection Process
    ➢ Evidence Requirements
    ➢ Evidence Dynamics
    ➢ Handling Evidence
    ➢ Evidence Analysis
    ➢ Evidence Presentation

❑ Host-Based Forensics
    ➢ Where to Find Host-based Evidence
    ➢ Configuring Client Computers for Forensic Data Collection
    ➢ Overview of Computer Architecture
    ➢ Overview of File Systems
    ➢ Hidden Evidence
    ➢ Forensic Duplication

PM:

❑ Network-Based Forensics
    ➢ Review of Addressing
    ➢ Domain Name Resolution
    ➢ Goals of Network Monitoring
    ➢ Collecting Network Evidence

❑ Forensic Case Studies
    ➢ Email Forensics
        • Email Protocols
        • Tracking Email
        • SMTP Extended Header
        • SMTP Server Logs
    ➢ Whistle Blower Forensics
        • Subject of Study
        • Investigative Team Objectives
        • Preparation
        • Evidence Collection
        • Results and Reporting

❑ The Trojan Defense
    ➢ Trojans and Backdoors
    ➢ Wrappers and Packers
    ➢ Backdoor/Trojan Forensics
    ➢ Some Scenarios