up

2020-01-15

Everyone gets a few bonus points, thank you prof.

“In this class, we’re going to focus on data in transit”

Intelligence and Evidence are different. One can have intel that something is going on, but no evidence.

Forensics involves rules on how you handle evidence.

There is a system forensics class - but this one is network.

Our typical data source is logs.

• Real-time response
• Forensic analysis

Three kinds of data of interest:

• Packets
  • Lots and lots of information
  • split into headers and payloads
• Flow
  • Header fields and metadata about connections
    • How long the session lasted
    • Quantity of traffic in each direction
• Logs
  • Prof didn’t explain this one

Types of firewalls:

• Network Filter
• Deep Packet Inspection

Things to look at in headers:

• Source IP
• Source Port
• Dest IP
• Dest Port
• Protocol

Professor does not take attendance

Mid-semester exam will be ten short answer questions.

Semester Project

• Form teams of 2 to 3 people
• It doesn’t have to be big