Courses
  /  
Descriptions
EECS 397, 497: Digital Forensics and Incident Response

Quarter Offered

Winter : 11-12:20 MW ; Chen

Description

OVERVIEW: This course will focus on Digital Forensics and Incident Response (Investigations). This class will introduce the basic theory of Digital Forensics and in the lab, we will actually apply the knowledge in practical scenarios. The goal is to learn how to investigate the digital artifacts left on hard drives, logs and other networking devices. The course shall prepare you to conduct data preservation and analysis on Windows, Linux and Macintosh platforms. Students will also get exposure to the Techniques, Tactics and Procedures (TTPs) of the prominent Threat Actors and will learn to conduct digital investigations with a sound process.

The co-instructor of this course will be an Incident Response Practitioner (Jibran Ilyas from Stroz Friedberg) who investigates data breaches for living, therefore, the course material and homework assignments will be based on real life forensic investigations. 

We will learn about different kind of attacks and how they can be detected via forensic investigations. Understanding the concepts of Evidence Collection, Host-Based Analysis, Memory (RAM) Analysis and Log Analysis will be essential in all fields of software development and computing. If you have any questions, please contact one of the instructors below or send an email to all instructors by clicking here.

  • This course satisfies the Project Requirement and is approved for Systems Breadth in the CS curriculum in McCormick and Weinberg

COURSE COORDINATOR(S):  Prof. Yan Chen

PREREQUISITES:

  • EECS 213 (Introduction to Systems)
  • EECS 354 (Networking Penetration and Security) OR EECS 343 (Operating Systems)
  • If you have taken neither EECS 354 nor EECS 343 yet, but have scored A- or higher in EECS 213, please email me your CV with information on related courses taken and grades. I will make a decision after collecting all the feedback.

LOCATION & TIME:

Location: Mondays in M164, Technological Institute, Wednesdays in Wilkinson Lab.
Time: Mon/Wed 11:00am - 12:20pm

OFFICE HOURS:

  • On-site hours in Wilkinson Lab after Wed class
  • Available upon requests.

GRADING:

  • 40% Lab Assignments
  • 25% Midterm Project
  • 35% Final Project

For the labs, please remember to check out with one of the teaching staff at the end of each lab, and then we will discuss solutions.