10504186Introduction to Internet and Networking Concepts
Course Information
Description
This course provides an introduction to computer networking in the context of digital investigations. It will include a review of the Internet topology, Internet Protocol (IP) versions 4/6, Ethernet addressing schemes, researching network contact information and reputation as well as studying network communications between applications and the network. Students will learn how determine which network ports applications are using, how to scan network devices with NMAP as well as capture, view and search Internet traffic with Wireshark. This course will also review capturing computer memory and subsequently reviewing it with Volatility to learn about any past network activity. The course will cover email and web browser forensics using Encase and Paraben tools. Students will also learn background on anonymous email and web browsing as well as collecting investigative information from log files as well as basic malware identification techniques.
Total Credits
Course Competencies
  1. Describe the role of network evidence in criminal and civil investigations
    Assessment Strategies
    by participating in the class
    by completing in-class and homework assignments
    by completing lab exercise
    Criteria
    you enter into class discussions
    you complete assignments in a timely fashion
    you complete the lab exercise successfully
    you attend class regularly
    you arrive for class on time
    you listen attentively during class

  2. Describe, in general, the network infrastructure that composes the Internet
    Assessment Strategies
    by participating in the class
    by researching sources on the topic
    by writing a term paper
    Criteria
    you enter into class discussions using course materials
    you attend class regularly
    you arrive for class on time
    you participate in class activities and labs
    you listen attentively during class

  3. Describe how Internet identifiers, including IP addresses, MAC addresses, hostnames, etc, can be used in investigations and limitations
    Assessment Strategies
    by participating in the class
    by completing lab exercise
    Criteria
    you enter into class discussions
    you complete the lab exercise successfully
    you attend class regularly
    you arrive for class on time
    you listen attentively during class

  4. Perform an investigative analyses of email, web browser and other internet client applications
    Assessment Strategies
    by participating in the class
    by completing in-class and homework assignments
    by group or self presentation on the subject material to the class
    Criteria
    you participate in class discussion using course materials
    you complete assignments in a timely fashion
    you participate equally in a group presentation on the subject matter
    you attend class regularly
    you arrive for class on time
    you listen attentively during class

  5. Perform basic analyses of collected network evidence including network capture files and related logs, eg web server, etc.
    Assessment Strategies
    by participating in the class
    by completing in-class and homework assignments
    by completing lab exercise
    Criteria
    you enter into class discussions
    you complete assignments in a timely fashion
    you complete the lab exercise successfully
    you attend class regularly
    you arrive for class on time
    you listen attentively during class

  6. Perform information gathering with tools such as TCPview, whois, ipconfig, ping, passive DNS, netcat, nmap, windd32/64, Volatility, etc
    Assessment Strategies
    by participating in the class
    by completing in-class and homework assignments
    by completing lab exercise
    Criteria
    you enter into class discussions
    you complete assignments in a timely fashion
    you complete the lab exercise successfully
    you attend class regularly
    you arrive for class on time
    you listen attentively during class

This Outline is under development.