Network Forensics (FCM 745)
Fall 2009

Instructor Prof. Douglas Salane

  • office: 4213N
  • e-mail:dsalane@jjay.cuny.edu
  • web site: http://web.math.jjay.cuny.edu

Class Meetings Section 01, Thurs., 6:20-8:20pm

Office Hours Tues. period 4 and Thurs. period 7

Text There is no required text; however, the following text will be referenced exensively. Most required materials are available on-line. See the Resources section below.

  • Richard BejtlichThe Tao of Network Security Monitoring: Beyond Intrustion Detection, Addison-Wesley (2005).

Course Description(from catalogue) Concerns the forensic security issues related to access to data stored on computer systems and the transmission of data between systems. Topics include detecting and monitoring intrusions of networks and systems, authentication protocols, viruses and worms, and management of intrusion response teams. The course includes laboratory work such as attack and defend exercises.

Course objectives Students will understand the role of network forensic analysis in both criminal and security investigations. They will learn to identify sources of forensic data associated with and network devices and apply the methods and tools needed in forensic investigations. They will become familiar with some of the outstanding research challenges in network forensics and proposed technical solutions. The will develop an understanding of network designs that facilitate forensic discovery. Students also will learn the legal guidelines that apply to investigations as well as the technological consequences of recent legislation and FCC rulings.

Syllabus FCM 745, Fall 2009


Forensic Texts, Web Sites and Papers


Exams/Grading Grades will be based on three, which will account for about 40% of the final grade. In addition, readings from monographs and papers will be assigned weekly. Assigned papers and class participation based on the readings will account for 60%.

Laboratory facilities Students will receive accounts on Linux computers available in 4213 and via remote SSH login.

Academic Honesty You only learn if your work is your own. Cheating on exams or copying assignments will not be tolerated. Please review the College's policies on Plagiarism and Cheating.

Announcements (9/2/09) Please send me an email as soon as possible so I have your address. Have a good semester.

Course development sponsored in part by NSF grants 043044 and 0416494