National University of Computer & Emerging Sciences (FAST NUCES)

Computer and Network Forensics

Course Outline Fall 2015
BS (Computer Science) Core Course
Prerequisite: Operating Systems, Computer Networks
Credits: 3
Instructor: Jamshed Memon
Email: jamshed.memon@nu.edu.pk

1. Course Objectives
This course provides students with the essential concepts, principles, and techniques of computer and
network forensics. This course will enable students to be able to conduct the thorough investigation into
incidents that occur within a host and network. The course is designed to give those with minimal forensic
investigation experience, an understanding about the technologies and systems that underlie the operating
systems and the ways in which those core building blocks can be manipulated to make those systems
misbehave. The course will provide the analysis techniques that include the concentration on preserving the
evidence found in the memory (RAM & Hard Drives). The course will also provide an insight about the
different file systems and that how they can be used to locate evidence of malicious activity. In the domain
of network forensics this course will provide hands on experience in detecting the intrusion in the network
and capturing and analyzing the network logs.
Upon successful completion of this course you should be able to understand/demonstrate

Gathering Important information from the victim of network incident

Understand type of information to look during analysis of collected evidence
Understanding Windows Domains
Understanding user rights and file permissions
Understanding the Ports and Services
Using ports as evidence
Understanding Windows Logon Events.
Understanding File Systems
FAT32, NTFS, EXT2/3/4 File Systems & Data recovery.
Memory investigation tools (ProDiscover, WinEn, Volatility)
Understanding the Windows registry
Understanding the logs
Network Intrusion Detection System
DDoS attacks
TCP Fragmentation and TTL attacks
IP Traceback
Cloud Forensics
Understanding/Recovering Email logs.

Computer Forensics Syllabus

Page | 1

Spring 2015

2. Textbook and Readings

Mastering Windows Network Forensics & Invenstigations 2nd Edition:
Anson, S., & Bunting, S. (2012). Mastering Windows network forensics and investigation. John Wiley & Sons

There is also an additional recommended textbook.

The material covered in the lectures should be considered as the main definition of the scope of the course.
Readings in the required textbook are important to supplement lecture material. Assignments and exams will
be based on the topics presented in the lecture and may involve issues addressed in the readings.

3. Course Assessment
Student assessment will be based on quizzes, assignments, exams and a software project.
3.1. Quizzes
A series of quizzes and class popup are the regular features of my teaching methodology. These are the good
way for gauging the students learning and absorption of class coverage. There will be five quizzes during the
semester.
3.2. Assignments
A series of assignments will be given after achieving each milestone of database design and development.
The will be four assignments during the semester. These assignments, which accompany the different
Computer Forensics Syllabus

Page | 2

Spring 2015

lectures, will take you through the steps that are involved in building real-world database applications. The
assignments consist of written parts as well as parts dealing with the database system Oracle. All
assignments must be solved by each student individually. Working in groups is not allowed. Taking others
solution and copied the solution is not acceptable. Academic integrity is very important to me and I regard
ethical values more than anything in this world. Failure to submit an assignment will lead to 0 points in that
assignment.
3.3. Exams
There will be three exams; two midterms and one final. The first one roughly after five weeks of the
semester, the second one roughly after ten weeks of the semester, and the final exam at the end of the
semester. All three exams will be in class with closed notes and closed books. Failure to take an exam will
lead to 0 points in that exam. The exam schedule will be announced through neon and displayed on the
departmental notice board. There will be no explicit final exam.
All three exams will be based on the contents of the lecture and the corresponding readings. Threading
sections can also contain material not covered by the lecture. The exams will contain two different kinds of
exercises. The first kind includes practical exercises like formulating queries or designing a conceptual
schema. The second kind incorporates knowledge exercises and checks your knowledge of important
database notions and concepts.

4. Class Participation
The instructor highly recommends a regular class attendance. The instructor would also like to point out that
he highly advocates punctuality for the lectures.

5. Late Policy
All assignments must be submitted electronically at specified time on the day it is due.Internet/SLATE not
working is not an acceptable excuse. There is NO late submission policy.

6. Grading
During the semester the student can only earn points and not grades. At the end of the semester theweighted
sum of all points is mapped to a grade. The weighting is as follows:
Term Exams
[2]
30
Assignments
[4]
20
Final Exam
[1]
50
Point assessments will be changed only when an assessment error has been made; negotiation is impossible.
If a student thinks an error has been made, the student should let the instructor know about their doubt. The
entire exam or assignment will then be reevaluated. A student must submit an item for reevaluation within 3
days from when the evaluation of that item was completed or posted. Based on the students performance,
the grading policy will be applied.
[In my humble opinion, C- will not be a qualifying grade for critical tracking courses. In order to graduate,
students must have an overall GPA of 2.0 or better (C or better). Note: a C-average is equivalent to a GPA
of 1.67, and therefore, it does not satisfy this graduation requirement.]

7. Other Important Issues

7.1. Academic Honesty
Students are required to respect the ethical standards for academic honesty. Work submitted must be
produced individually by each student, except for tasks explicitly assigned to a group by the instructor. All
work submitted individually in the form of quizzes, assignments, exams, etc., is subject to the following
implicitly or explicitly required pledge:
On my honor, I have neither given nor received unauthorized aid in doing this assignment.

Computer Forensics Syllabus

Page | 3

Spring 2015

Violations of academic honesty and integrity in this course will not be tolerated. Since ethical behavior in
science and engineering is equal in importance to specific knowledge, the instructor will deal strictly with
any violations.
The instructors advice to the student is: immerse yourself in the class, learn the material, do your tasks
yourself. The benefit and enjoyment you will receive as a result of hard work will be much more valuable
than any penalty you might receive as a result of cheating.
7.2. Class Rules
For this class several rules hold which should be observed by the student:
1. If a student should have a problem that could have a negative influence on the students class performance
like sickness or project group conflicts, the student should talk to the instructor on time before it is too late
in order to find a solution.
2. The instructor attaches great importance to punctuality. Hence, each student should come in time to the
class.
3. Class-relevant announcements are made also in the class. If a student is unable to attend class, s/he should
ask a fellow student or pass the instructors office during the office hours regarding announcements in the
previous class.
4. The assignments have to be performed individually. Teamwork is not allowed. The time period for
working on an assignment is fixed.
8.3. Final Advice
The students who get the most out of this class will be the ones who put in the most effort. If you want to do
well, come to all the lectures, read the assigned sections of the textbook before coming to class, and start
early on your assignment and software project. If you are having difficulty, you owe it to yourself to get
help. The instructor sincerely wants all of you to do well. If you work hard and master the material presented
in this class, you will learn some powerful, fundamental concepts of database management systems as well
as application development skills, which are very marketable in todays high-tech industry. The instructor
will try his best to make the course as interesting and stimulating as possible and an enriching experience for
you.
Dr. JamshedMemon

Computer Forensics Syllabus

Page | 4

Spring 2015