Jul 01, 2025
2022-23 Catalog [ARCHIVED CATALOG]

CIS 370 - Network Forensics and Investigations

5 Credits
Students must be admitted to the appropriate BAS program to take this course. It is assumed that they have completed CIS 155 or its equivalent. This course focuses on tracking down network intruders, or at least ascertaining how they got in and what they did. Intruders can be internal or external attackers. When, where, and how they were able to gain access, and what they did, gives a network administrator clues to design flaws in the network architecture and shortcomings in policies or procedures. An introduction to investigations in the cloud is included, along with the legal aspects of network investigations. This is a hands-on class in which students test network forensics tools and learn how to use them in internal or external investigations.

Pre-requisite(s) CIS 155 min 2.0
Program Admission Required Yes
Admitted Program BAS - CIS
Fees CF

Quarters Typically Offered
Winter Evening
Spring Evening

Designed to Serve For students admitted to the BAS program in CyberSecurity and Forensics.
Active Date 2014-11-07

Grading Basis Decimal Grade
Class Limit 24
Contact Hours: Lecture 44 Lab 22 Field Studies 0 Clinical 0 Independent Studies 0
Total Contact Hours 66
Degree Distributions:
ProfTech Course Yes
Restricted Elective Yes
Course Outline
I. Review of Networks and Infrastructure
a. Defense in Depth
b. DMZs
c. Virtual machines and devices
II. Review of Device Forensics
III. Internet Protocols
a. Review of Internet Suite
b. Vulnerabilities of the protocols
IV. Network Based Evidence
a. Where to find evidence
b. Encryption
V. Network Evidence Acquisition
a. Popular tools
b. Physical interception
c. Traffic monitoring
VI. Network Evidence Analysis
a. Popular Analysis Tools including visualization tools
b. Packet Analysis
c. Flow Analysis
VII. Applying Statistics to the Evidence
VIII. Network Intrusion Detection
a. Install and use popular tools such as Snort, Wireshark, Alien Vault
b. How to recognize footprints
c. NIDS/NIPS
d. Packet Logging
IX. Network Devices and Logs
a. Log architecture
b. Log analysis
c. Routers, Switches and Firewalls
d. Web Proxies
X. Network Tunneling
XI. Malware Forensics
XII. Cloud Forensics
XIII. Forensics in the Internet of Things (IoT)
XIV. Network Forensics and Forensic Accounting
XV. Applicable Laws
a. Understanding the laws that may affect an investigation
b. Collecting evidence in a manner that can be presented in court
Student Learning Outcomes
Explain standard network infrastructure and how it affects investigations

Describe the reasons behind Defense in Depth, DMZs and the use of virtual machines in network infrastructure

Describe Internet protocols and their use such as IP, TCP, ARP, etc.

Explain how data hiding, encryption and other techniques are used by intruders

Explain and demonstrate where network based evidence can be found

Explain, install and demonstrate how to use popular network monitoring tools

Demonstrate how to perform packet and flow analysis

Apply statistics to packet and flow analysis

Install and demonstrate competency in the use of popular tools such as Snort, Wireshark and Alien Vault

Demonstrate competency in the finding and analysis of log files from network devices such as routers and switches