CyberSecurity Forensics (CS/MIS665)

Cover the identification, preservation, and analysis of evidence of security attacks. Identify the attackers and document their activity with sufficient reliability to justify appropriate technological, business, and legal responses. This topic has technological and legal components, both of which are covered in this course. The technical aspect addresses analysis of intruder types and the intrusion process, logs and profiles, attack signatures and fingerprints, traceback methods, and applications of data mining techniques. The legal aspect addresses the impacts of forensics on the legislative, judicial, and regulatory proceedings that collectively articulate and promote public policy goals, determine civil and criminal liability, and define and assess regulatory compliance.