PV280 Network Forensics

Faculty of Informatics
Spring 2022
Extent and Intensity
1/1/0. 2 credit(s) (plus extra credits for completion). Type of Completion: zk (examination).
Taught in person.
Teacher(s)
RNDr. Milan Čermák, Ph.D. (lecturer), prof. RNDr. Tomáš Pitner, Ph.D. (deputy)
RNDr. Petr Velan, Ph.D. (lecturer)
Guaranteed by
prof. RNDr. Tomáš Pitner, Ph.D.
Department of Computer Systems and Communications – Faculty of Informatics
Timetable
Thu 17. 2. to Thu 12. 5. Thu 12:00–13:50 S108
Prerequisites (in Czech)
! J012 Digital Forensics && PB156 Computer Networks && PV004 UNIX
Course Enrolment Limitations
The course is offered to students of any study field.
The capacity limit for the course is 24 student(s).
Current registration and enrolment status: enrolled: 4/24, only registered: 0/24, only registered with preference (fields directly associated with the programme): 0/24
Course objectives
The course teaches students to monitor network traffic using raw packet capture and network flows. Students will be able to analyze obtained data to detect malicious behavior and network attacks. They will learn how to explore unknown networks and their services and assess their vulnerabilities.
Learning outcomes
At the end of the course, the students will be able to:
    • capture and analyze network traffic,
    • understand network flow monitoring and be able to deploy it on a network,
    • analyze flow records and extract information related to events and incidents in the monitored network,
    • understand network attacks and their detection in traffic,
    • analyze unknown network infrastructure and gain information about potential vulnerabilities.
Syllabus
  • Introduction to network forensics;
  • Host-side artifacts;
  • Packet capture and analysis;
  • Network flow capture and analysis;
  • Encrypted and tunneled traffic;
  • Network attacks and anomalies;
  • Intrusion detection systems;
  • Firewall and application logs;
  • Network scanning;
  • Advanced network data analysis.
Literature
  • MESSIER, Ric. Network forensics. Indianapolis, IN: Wiley. xxiv, 331. ISBN 9781119328285. 2017.
  • SANDERS, Chris. Practical packet analysis : using Wireshark to solve real-world network problems. 3rd edition. San Francisco: No Starch Press. xxi, 345. ISBN 9781593278021. 2017.
  • COLLINS, Michael. Network security through data analysis : from data to action. Second edition. Beijing: O'Reilly Media. xxii, 401. ISBN 9781491962848. 2017.
Teaching methods
Hands-on seminars and homework assignments.
Assessment methods
Homework assignments during the semester (at least 60 % of all points are required).
Examination: practical assignment and follow-up discussion.
Language of instruction
English
Further Comments
The course is taught annually.
The course is also listed under the following terms Spring 2023, Spring 2024.
  • Permalink: https://is.muni.cz/course/fi/spring2022/PV280