CSEC 2213 — Network Forensics and Incident Response
This course teaches the fundamentals of incident response and network forensics. An overview of operating systems will lead into a review of a systematic approach to incident response, focusing on a six-step process (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned). Network forensics (tcpdump, Wireshark, nfsen) and legal aspects of both investigation and preservation will be discussed.