NWIT264 — Network and Cloud Forensics
Focuses on the technical aspects of network and cloud intrusions and discusses the methodology commonly used by attackers. The course begins with an overview of networking protocols and then addresses topics, such as session hijacking, capturing network traffic, and the importance of collecting volatile data from on-premise and/or cloud-hosted environments. Students learn how to examine a compromised server or workstation in the field to obtain log files and forensic images of hard disk drives. Students examine server log files and forensic artifacts for evidence of the attacker’s methods and activities. Three hours lecture each week. 3 semester hours Course
Prerequisites: NWIT151, NWIT170