Network Forensics and Cybercrime, 15 credits

Main field of study with advanced study

Advanced Computer Networks and Security 15 credits and Applied Data Mining 7,5 credits. English 6.

The course is included in the Master of Science programme in Network Forensics 60 credits. The course is also offered as a freestanding course.

The aim of the course is to introduce students to the theoretical and practical aspects of cyber security, network forensics and incident management, and to enable them to become acquainted with research related to anti-forensics, cyber fraud, cyber terrorism and attacks on vital infrastructures and societal functions. Students take a position on the type and complexity of digital evidence and its significance, relevance and protection in a modern IT society, and on the importance of cyber security for political processes and personal integrity.

On completion of the course, the students shall be able to:

Knowledge and understanding

• account for concepts such as anti-forensics, cyber fraud, cyber terrorism, and attacks on critical infrastructures
• provide an account of how the control and protection mechanisms of modern society relate to issues of openness in
• connection to security, diversity, sustainability and participation
• account for different methods of network forensics, present the possibilities and limitations and take ethical aspects and integrity issues into account
• explain forensic work in cybercrime and investigations based on perspectives of both technology and democracy to decision-makers in political institutions, public authorities and private organisations.

Skills and ability

• perform a forensic analysis of a specific problem, for example in environments related to digital society and IoT (the internet of things)
• analyse the network traffic of a given system after a threat and the vulnerability of infrastructures, and propose management of identified problems focusing on resilience and resource efficiency
• formulate research issues and give a formalised presentation of problems.

Judgement and approach

• take a critical position on current research on digital forensics from perspectives of technology as well as openness, democracy and personal integrity
• discuss the ethical accountability of a network forensic scientist
• identify their need of further knowledge and take responsibility for their ongoing learning.

Gathering of evidence of cybercrime such as cyber fraud and cyber terrorism, DDOS and extortion, anti-forensics, and attacks on vital infrastructures. Perspectives of openness and protection with regard to cybercrime, investigations and prevention. Ethical aspects of forensic investigations. Methods and tools of network forensics. Network security in connection with forensic investigations, standards of cyber security and security policies. New threats and challenges to digital investigations and their significance for the sustainable development of society.

Application of network forensics in the form of project work including problem analysis, application of different methods and algorithms, and testing and comparison of different solutions.

Report writing and presentation techniques are also included as specific components of the course.

The teaching consists of lectures, seminars and supervised laboratory exercises. Independent projects to be executed in groups.

The assessment is based on a written exam on theory and the project results which are to be presented in written reports and oral presentations.

If there are special reasons, the examiner may make exceptions from the specified examination format and allow a student to be examined in another way. Special reasons can e.g. be study support for students with disabilities.

Course evaluation is part of the course. This evaluation offers guidance in the future development and planning of the course. Course evaluation is documented and made available to the students.