Search Results


Security incidents and cybercrimes detected by organizations are escalating in both scale and complexity. As a result, cyber investigation capabilities have become a critical mechanism for organizations in an effort to minimize the damage from incidents and cybercrimes. These investigations often involve the preservation, identification, extraction, analysis and documentation of digital data (evidence) stored on a variety of electronic devices. The aim of this course is to introduce graduate students to acceptable approaches for collecting, analyzing and reporting data from a cyber investigation. Topics include but are not limited to: an introduction to cyber investigations, cyber investigations and the law, incident response and first responder actions, investigation techniques, operating system analysis, and network investigations Students will be required to perform several analyses in a controlled lab environment.

Prerequisite(s): CYBR 8366 or equivalent. CSCI 3550 or ISQA 3400, or equivalent. CYBR 3370 or equivalent. Alternatively, instructor permission can be sought before enrolling into the class for students who have not met all of the above requirements.