CYBR 672 Digital Forensics II
This course provides an in-depth examination of forensic techniques for investigating digital evidence across modern operating systems, including Windows, Linux, and macOS. Students will develop expertise in analyzing file systems to identify critical forensic artifacts and data structures essential to investigations. The course covers advanced memory forensics techniques to extract and interpret volatile data, including active processes and encryption keys. Students will also conduct network forensic investigations, utilizing packet analysis and decryption techniques to uncover hidden or encrypted malicious communications. Emphasizing correlation and interpretation of forensic evidence from multiple sources, students will integrate log analysis, system artifacts, and event timelines to reconstruct digital incidents. Hands-on experience with state-of-the-art forensic tools will enable students to perform forensic acquisitions of locally attached storage devices while ensuring data integrity and image validation. Additionally, students will gain proficiency in extracting and analyzing key Windows Registry artifacts, including user activity, network configurations, and system metadata, to build comprehensive forensic timelines. Through practical exercises and case studies, students will refine their ability to conduct sophisticated digital forensic investigations and effectively communicate findings in technical reports.
First day attendance is mandatory.
Prerequisites: Graduate standing. Note: Students are responsible for being aware of and abiding by the prerequisites for the CYBR courses in which they enroll, and will be administratively dropped from a course if they have not met its prerequisites.
Prerequisites
Special information
2 Graduate credits
Effective May 6, 2020 to present
Learning outcomes
General
- Analyze modern file systems used by Windows, Linux, and macOS, identifying forensic artifacts and data structures critical to investigations.
- Evaluate and apply memory forensics techniques to extract and interpret key artifacts, including processes, encryption keys, and volatile data.
- Investigate and analyze network traffic using packet analysis and forensic tools, uncovering hidden or encrypted malicious communications.
- Interpret and synthesize forensic evidence from multiple attack sources, integrating log analysis, system artifacts, and event timelines.
- Apply forensic acquisition techniques for locally attached storage devices using state-of-the-art forensic tools, ensuring data integrity and validation of acquired images.
- Extract and document critical artifacts from Windows Registry, including user account activity, network configurations, and system metadata, to reconstruct forensic timelines.
- Assess and justify ethical considerations in forensic investigations, including privacy concerns, chain-of-custody integrity, and adherence to legal frameworks.
Spring 2025
Section | Title | Instructor | Books | eServices
---|---|---|---|---
01 | Digital Forensics II | Rabieh, Khaled | Books for CYBR-672-01 Spring 2025 | Course details for CYBR-672-01 Spring 2025
50 | Digital Forensics II | Rabieh, Khaled | Books for CYBR-672-50 Spring 2025 | Course details for CYBR-672-50 Spring 2025