State University of New York Polytechnic Institute

Undergraduate course, SUNY Poly, Network Computer Security Department, 2016

Fall’16, NCS 490: Network Forensics

In this course we learn to recognize hackers’ tracks and uncover network-based evidence. We investigate methods to carve suspicious email attachments from packet captures, use flow records to track an intruder as he pivots through the network, and analyze a real-world wireless encryption-cracking attack (and then crack the key yourself). We also reconstruct a suspect’s web surfing history, and cached web pages too, from a web proxy; uncover DNS-tunneled traffic; and dissect the Operation Aurora exploit, caught on the wire.