01.pdf

traderwolfx 4 views 15 slides Sep 23, 2025



Slide Content

1st year Sylla

MSc. DIGITAL AND CYBER FORENSIC SCHEME WEF 202:

SEMESTER 1

Teaching Scheme

Course Code | Course Type | University Course Name | L | T | P | C

PGFSS101 | Core Theory | Evidence Collection and Preservation | 3 | 1 | 0 | 4
PGFSS102 | Core Theory | Cyber Security Essentials and Incident Response Management | 3 | 1 | 0 | 4
PGFSS103 | Core Theory | Networking and Network Forensics | 3 | 1 | 0 | 4
PGFSS104 | Core Theory | Operating System Forensics | 3 | 1 | 0 | 4
PGFSS105 | Core Practical | Digital Evidence Collection and Preservation | 0 | 0 1
PGFSS106 | Core Practical | Cyber Security Essentials and Incident Response Management Lab | 0 | 0 | 4 | 2
PGFSS107 | Core Practical | Networking and Network Forensics Lab | 0 | 0 | 4
PGFSS108 | Core Practical | Operating System Forensics Lab | 0 | 0 | 4
Total la] ie | 2

DIGITAL
TP
Co

€ Structure 3

Course Type: Core Theory Course

Course Objective:
Develop a comprehensive understanding of digital forensic principles, including file system analysis, volatile data security, and chain of custody, ensuring effective evidence acquisition and admissibility.

Course Outcome

CO1: Understand the fundamental principles of digital forensic invest
CO2: To analyze file systems and disk structures commonly encountered in digital forensics.
CO3: To evaluate techniques for securing volatile data and document
CO4: To understand the concept and significance of the chain of custody in digital forensics.
CO5: To understand the importance of chain of custody and maintaining admissibility of evidence.
MODULE 1
Introduction to Digital Forensics

Definition and history of digital forensics. Types of digital evidence and their sources. The role of digital forensics in investigations. Digital forensics tools and techniques. Legal and ethical considerations when conducting di

MODULE 2
Basic Principles of Digital Forensics Investigation

The digital forensic investigation process. Evidence collection and documentation. Analysis of digital evidence. Report writing and presentation. Ethics and professionalism in digital

MODULE 3
Systems and Disk Structures

Overview of file systems and disk structures. Understanding file systems and partitions. File allocation table and new technology file system (NTFS). Ext file system and its structure. Other file systems used in digital forensics.

MODULE 4
Data Acquisition and Preservation

Acquisition of digital evidence. Understandi

evidence acquisition,

Preservation of digital evidence. Techniques for securing volatile data, Documentation of data

MODULE 5
Chain of Custody and Evidence Handling

Definition and importance of chain of custody. Evidence handling procedures. Packaging and labeling of digital evidence. Secure storage and transportation of digital evidence. Admissibility of digital evidence in court.

Textbook References:
1. Altheide, C., & Carvey, H. (2022). Digital Forensics with Open Source Tools. Syngress.
2. Casey, E. (2022). Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet (4th ed). Academic Press.
3. Carrier, B. (2021). File System Forensic Analysis. Addison-Wesley Professional.
4. Rogers, M. (2023). Digital Forensics: Concepts, Techniques, and Tools. Syngress.
5. Sammons, J. (2023). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics (3rd ed). Syngress.

Digital Readings:

1. Quick, D., & Choo, K. (2022). Challenges in Digital Forensic Investigation: A Systematic Literature Review. Computers & Security, 109, 102301. doi:10.1016/j.cose.2022.102301
2. Pollit, M. M. & Kessler, G. C. (2022). Digital Forensics: Perspectives, Challenges, and Future Directions. Journal of Digital Forensics, Security and Law, 17(6), 1-14. Retrieved from
3. Casey, E., Richard III, G. G., & Caldwell, M. S. (2022). Open Source Digital Forensics Tools: The Legal, Ethical, and Professional Issues. Journal of Digital Forensics, Security and Law, 17), 1534, Retrieved from

CYBER SECURITY ESSENTIALS AND INCIDENT RESPONSE MANAGEMENT
L-T-P-C Structure 3-1-0-4 Course Type: Core Theory Course

COURSE OBJECTIVE:
The course aims to impart a comprehensive understanding of cyber security fundamentals, encompassing threats, security features, incident response, threat intelligence, and emerging trends.

COURSE OUTCOMES: The outcome of this course is to

CO1: To provide a firm understanding of the fundamentals of cyber security and the threats to it
CO2: To gain knowledge of various security features within the cyber world
CO3: To learn about incident response and learn to prepare an incident response map if a
CO4: To develop an understanding of cyber threat intelligence and techniques to tackle cyber
CO5: To learn about emerging trends in cyber security

MODULE I
Introduction to Cyber Security

Definition of Cyber Security, Concept of information security, Importance of protecting information assets, Risks associated with cyber attacks, Impact of cyber attacks on individuals, organizations and society, Types of Cyber Attacks: Threat Actors and their Motivations: Types of threat actors (hacktivists, cyber criminals, nation-states), Motivations of threat actors (financial gain, political or ideological motives, espionage). Cyber Security Standards and Best Practices, Overview of cyber security frameworks (NIST, ISO, CIS)

MODULE II
Cyber Security Fundamentals

Network security principles (confidentiality, integrity, availability), Types of network security attacks (man-in-the-middle, sniffing, spoofing), Cryptographic techniques (symmetric key, asymmetric key, hashing), Encryption algorithms (AES, RSA, SHA), Access control models (mandatory, discretionary, role-based), Types of authentication (single-factor, multifactor, Common application security vulnerabilities (SQL injection, cross-site scripting, buffer overflow), Secure coding practices (input validation, error handling, code signing), Endpoint security technologies (antivirus, anti-malware, firewalls), Endpoint security manag

MODULE III
Incident Response Management

Incident Response Framework: Incident response p

ses (preparation, identification

sam roles and responsibilities

Incident Classification and Triage: Incident classification criteria (Triage process for incidents (initial assessment, prioritization) Incident Reporting and Communication: Incident reporting requirements (internal, external), Incident communication protocols (sta communication, public relations)

MODULE IV
Cyber Threat Intelligence

Definition of threat intelligence, Types of threat intelligence (strategic, tactical, operational, Threat intelligence requirements and sources (internal and external sources). Zero-day attacks and their significance, Collection sources for threat intelligence (OSINT, HUMINT, SIGINT), Analysis techniques for threat intelligence, Threat intelligence platforms and tools Types of Techniques for threat hunting (network-based, endpoint-based, hybrid) Data sources and collection methods for threat hunting Cyber Threat Landscape and Trends. Current cyber threat landscape and trends

MODULE V
Emerging Trends in Cyber Security
Cloud Security. Internet of Things (IoT) Security. Mobile Device Security. Artificial Intelligence and Machine Learning in Cyber Security. Blockchain Security

REFERENCES
1. Easttom, C. (2019). Computer Security Fundamentals. Pearson.

2. Pfleeger C.P. & Pfleeger S. L. (2018). Security in Computing. Pearson.
3. Doe, A. (2022). Cyber Security Best Pra

BOOKS REFERENCE:
1. Smith, J. (2019). Introduction to Cyber Security. ABC Publishing.
2. Anderson, R. (2018). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley
3. Whitman, M. E., & Mattord, H. J. (2021). Principles of Information Security. Cengage Learning

DIGITAL REFERENCES:
1

NETWORKING AND NETWORK FORENSICS
L-T-P-C Structure 3-1-0-4 Course Type: Core Theory Course
COURSE OBJECTIVE:

The course aims to provide a comprehensive understanding of computer networks, covering types, design methodologies, security, and network forensics, while developing practical skills in traffic analysis for anomaly detection and incident response.
COURSE OUTCOMES -
COA: Understand the fundamentals of computer networks, including types, topologies, and

Acquire knowledge of network design methodologies and various LAN, WAN, and MAN technologies

COZ: Gain an understanding of network security threats, access control, authentication, and network monitoring techniques.

COR: Learn the basics of network forensics, including evidence collection, preservation, and the use of forensic tools for analysis and reporting

cos Develop skills in capturing, analyzing, and interpreting network traffic for anomaly detection, signature analysis, and incident response purposes.

COS: Develop the skills of Network traffic capture and detect Network traffic anomaly

MODULE 1

Computer Networks and Protocols

Introduction to computer networks and their types. Network topologies and architectures, OSI and TCP/IP reference models. Data transmission techniques. Network protocols and their functions. Network addressing and naming. IPv4 and IPv6 addressing. Domain Name System (DNS). Routing and switching. Wireless networks, Network performance and optimization

MODULE 2
Network Architecture and Design

Network design methodologies. Network topologies and architectures. LAN, WAN, and MAN technologies, Network devices and their functions. Network virtualization and software-defined networking (SDN). Cloud computing and network design, Network security and risk management, Network management and monitoring. Network troubleshooting and fault

MODULE 3
Network Security and Monitoring
Network security threats and attacks. Access control and authentication. Firewalls, IDS, and IPS. VPN and encryption. Network monitoring and traffic analysis. Incident response and management. Security policies and procedures. Risk assessment and management. Disaster recovery and business con

MODULE 4
Network Forensics Investigation

Introduction to network forensics. Types of network forensics investigations. Network evidence collection and preservation. Network forensic tools and techniques. Network log analysis and correlation, Packet capture and analysis. Network reconstruction and timeline analysis. Network forensic reporting and documentation

MODULE 5
Network Tr
Network traffic capture and analysis. Network traffic protocols and their analysis. Network traffic anomaly detection. Network traffic signature analysis, Network traffic visualization, Network traffic flow analysis. Network traffic forensics and incident response.

BOOKS REFERENCE:

1. "Computer Networking: A Top-Down Approach" by James F. Kurose and Keith W. Ross, "TCP/IP Illustrated, Volume 1: The Protocols" by W. Richard Stevens

2. "Computer Networks: A Systems Approach" by Larry L. Peterson and Bruce S. Davie, "Network Warrior" by Gary A. Donahue

3. "Network Security Essentials: Applications and Standards" by William Stallings, "Firewalls and Internet Security: Repelling the Wily Hacker" by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin.

4. "Incident Response & Computer Forensics" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, "Computer Incident Response and Forensics Team Management" by Leighton Johnson.

DIGITAL REFERENCES:

L-T-P-C Course type: Core Theory
COURSE OBJECTIVE:
Develop a comprehensive understanding of operating systems, including components, system calls, process and memory management, file systems, security protocols, and recovery techniques, while also gaining proficiency in analyzing system data, identifying malware, and responding to cybersecurity incidents with legal and ethical considerations
COURSE OUTCOMES -

CO1: Understand operating system components, system calls, process management, memory
ns, storage devices, access control models, and security policies.
CO2: Analyze filesystem architectures, types, analysis tools and recovery techniques.
CO3: Acquire, analyze, and report memory data, identify malware, and recover encrypted data from memory.
CO4: Analyze Windows registry, common keys, and event logs using relevant tools.
CO5: Monitor activity, respond to incidents, recover compromised systems, and consider legal and ethical aspects
MODULE 1
Introduction to operating systems and their functions: Definition of an oper

Overview of OS components: kernel, shell, user interface. System calls and processes: Types of system calls and their uses, Process management: creation, scheduling, synchronization,

Memory management and virtual memory: Memory hierarchy and organization, Virtual

1, demand paging

File systems and storage devices: File system organization: files, directories, attributes, Disk and file system management: allocation, fragmentation, defragmentation, Protection and

Access control models: DAC, MAC, RBAC, Security policies and mechanisms: encryption, authentication, auditing

MODULE 2
File system concepts and structures, File system architecture: block size, cluster size, inode, directory entry. File system types: NTFS, EXT, XFS. Windows file systems (FAT, NTFS) and Linux file systems (EXT, XFS). File system analysis tools: disk editors, file carving, metadata extraction. File system recovery techniques: undelete, partition recovery, file carving. Case studies and practical exercises. Analyzing and recovering files from a corrupted file system, Recovering deleted files and partitions

MODULE 3
Introduction to memory forensics. Memory acquisition techniques: live, dump, hibernation. Memory analysis phases: identification, extraction, analysis, reporting, Memory acquisition and analysis tools, Memory acquisition tools: FTK Imager, Volatility, Redline, Memory analysis techniques: strings, DLLs, network connections, Case studies and practical exercises

MODULE 4

Windows registry concepts and structures, Registry organization: Keys, values, data types, Common registry keys and their functions, Event logs and their analysis, Event log types: system, application, security. Event log analysis tools: LogParser, EventViewer, Splunk. Case studies and practical exercises, Analyzing registry entries to identify malware and system changes, Analyzing event logs to identify system activity and security events

MODULE 5

User and system activity files: system, application, security

Network traffic: packet capture, flow analysis, Incident response and recovery strategies

Incident response phases: preparation, identification, containment, eradi

lessons learned. Recovery techniques: system restore, backup and restore, image deployment

Legal and ethical considerations in digital forensics

Laws and regulations related to digital forensics: search and seizure, chain of custody, evidence handling

Ethical considerations: privacy, confidentiality, professional conduct, Case studies and practical

Identifying and analyzing network traffic to detect and respond to security incidents, Recovering a compromised system using backup and restore techniques.

BOOKS REFERENCES:
1. Kerrigan, S., & Pajak, R. (2017). Cybercrime Investigation Case Studies: An Excerpt from Placing the Suspect Behind the Keyboard. Academic Press
2. Schell, B. H., Martin, C., & Greene, D. W. (2019). Cybercrime: Investigating High-Technology Computer Crime (2nd ed). Routledge.
3. Spinelli, R. (2019). Cybercrime Investigation: An Introduction to Forensic Science and Electronic Evidence (3rd ed). Routledge

BOOKS REFERENCES:

1. Silberschatz, A., Galvin, P. B., & Gagne, G. (2018). Operating System Concepts (10th ed). Wiley
2. Russinovich, M. E., Solomon, D. A., & Ionescu, A. (2012). Windows Internals, Part 1: System Architecture, Processes, Threads, Memory Management, and More (7th ed.). Microsoft Press.
3. Bach, M. J. (1986). The Design of the UNIX Operating System. Prentice Hall.

DIGITAL EVIDENCE COLLECTION AND PRESERVATION LAB
Course Type: Core Practical

COURSE OBJECTIVE:
This course is designed to provide students with a comprehensive understanding of digital forensics, covering the identification, collection, preservation, and analysis of digital evidence. Students will explore a variety of digital forensics tools and techniques, gaining practical experience in handling digital evidence from different sources.

COURSE OUTCOME:
CO1: Demonstrate the ability to identify various types of digital evidence and their potential
CO2: Effectively use digital forensics tools and techniques in practical scenario.

Understand and apply legal and ethical principles in digital forensic investigations.

Collect digital evidence from multiple sources, ensuring its preservation and integrity

Write detailed forensic reports and maintain proper documentation, including evidence labeling, and chain of custody procedures.
Practical
1. Identify different types of digital evidence and their sources.
2. Explore and demonstrate the use of digital forensics tools and techniques.
3.
4. Practice collecting digital evidence from various sources.
5. Write detailed forensic report based on a given case se
6. Document the acquisition process and verify the integrity of the acquired data
7. Demonstrate techniques for preserving volatile data during the acquisition process.
8. Explore different methods and tools for securely storing di
9. Implement proper packaging, labeling, and documentation for stored evidence.
10. Package and label digital evidence, maintaining the chain of custody

Textbook References:

1. Altheide, C., & Carvey, H. (2022). Digital Forensics with Open Source Tools. Syngress.
2. Casey, E. (2022). Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet (4th ed). Academic Press.
3. Carrier, B. (2021). File System Forensic Analysis. Addison-Wesley Professional
4. Rogers, M. (2023). Digital Forensics: Concepts, Techniques, and Tools. Syngress.
5. Sammons, J. (2023). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics (3rd ed). Syngress.

Digital Readings:
Quick, D., & Choo, K. (2022). Challenges in Digital Forensic Investigation: A Systematic Literature Review. Computers & Security, 109, 102301. doi:10.1016/j.cose.2022.102301

CYBER SECURITY ESSENTIALS AND INCIDENT RESPONSE MANAGEMENT LAB
L-T-P-C Structure 0-0-4-2 Course Type: Core Theory Course
COURSE OBJECTIVE:

This course aims to equip students with a deep understanding of cyber security principles and practices through practical, hands-on experience. By exploring various types of cyber attacks and their motivations, students will gain the ability to analyze real-world case studies and effectively apply cyber security standards. The course will cover the identification and mitigation of network security attacks, the configuration and management of endpoint security technologies, and the development of incident response skills.

COURSE OUTCOMES: The outcome of this course is to

CO1: Understand various types of cyber attacks and their underly

CO2: Analyze and apply cyber security standards through real-world case studies

CO3: Identify and mitigate common network security attacks such as man-in-the-middle, sniffing, and spoofing

CO4: Configure and manage endpoint security technologies to address application security

Implementing incident response frameworks and understanding the roles and responsibilities of incident response teams.

1. Understand different types of cyber attacks and their motivations.
2. Analyze real-world case studies to apply cyber security standards effectively
3. Identify and mitigate common network security attacks (man-in-the-middle, sniffing, spoofing).
4. Configure and manage endpoint security technologies to mitigate application security vulnerabilities
5. Develop skills in implementing an incident response framework and understand incident response team roles and responsibilities.
6. Apply network-based, endpoint-based, and hybrid threat hunting techniques.
7. Assess and implement security measures specific to cloud computing, IoT, and mobile devices to mitigate associated risks.
8. Explore security implications of AI, machine learning, and blockchain in cyber security and develop strategies to address challenges.
9. Conduct vulnerability assessments and penetration testing to identify security weaknesses and evaluate effectiveness of security measures.
10. Simulate a real-world security incident scenario to apply incident response skills

NETWORKING AND NETWORK FORENSICS LAB

L-T-P-C Structure 0-0-4-2 Course Type: Core Theory Course
COURSE OBJECTIVE:

This course aims to provide a comprehensive understanding of computer networks, covering their types, protocols, addressing and naming schemes. Students will gain hands-on experience in designing various network architectures, including LAN, WAN, MAN, as well as exploring modern trends like virtualization and software-defined networking (SDN). The course emphasizes the implementation of robust network security measures, encompassing access control, authentication, firewalls, VPNs, encryption, and the use of network monitoring

COURSE OUTCOMES:

CO1: Design and implement network architectures (LAN, WAN, MAN) and incorporate virtualization and SDN technologies.

CO2: Implement and manage network security protocols, including access control, authentication, firewalls, VPNs, encryption, and monitoring tools

CO3: Simulate and respond to network security incidents, coordinate responses, and enforce security policies effectively

CO4: Conduct network forensics investigations, including evidence collection, preservation, analysis and detailed reporting of network incidents

CO5: Capture and analyze network packets, detect anomalies in network traffic, and identify potential security threats through various tools and techniques.

PRACTICAL:
1. To develop a practical understanding of computer networks, their types, protocols

2. To gain hands-on experience in designing network architectures, including LAN, WAN, MAN, virtualization, and software-defined networking (SDN)

3. To implement network security measures, including access control, authentication, firewalls, VPN, encryption, and network monitoring tools

4. To simulate and respond to network security incidents, including incident detection, response coordination, and security policy enforcement.

5. To learn network forensics investigation techniques, including evidence collection, preservation, analysis, and reporting.

6. To capture and analyze network packets to investigate network traffic patterns, anomalies, and potential security breaches

7. To develop skills in detecting and analyzing anomalies in network traffic using various tools and techniques.

8. To identify and analyze network traffic signatures to detect and investigate potential attacks.

e and analyze network traffic flows to ts into network behavior

e, and potential security issues.

10. To conduct network traffic forensics investigations and incident response activities, including reconstruction, timeline analysis, and documentation.

BOOKS REFERENCE:
1. "Computer Networking: A Top-Down Approach" by James F. Kurose and Keith W. Ross, "TCP/IP Illustrated, Volume 1: The Protocols" by W. Richard Stevens

2. "Computer Networks: A Systems Approach" by Larry L. Peterson and Bruce S. Davie, "Network Warrior" by Gary A. Donahue.

3. "Network Security Essentials: Applications and Standards" by William Stallings, "Firewalls and Internet Security: Repelling the Wily Hacker" by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin.

4. "Incident Response & Computer Forensics" by Jason Luttgens, Matthew Pepe, and Kevin Mandia, "Computer Incident Response and Forensics Team Management" by Leighton Johnson.

DIGITAL REFERENCES:

OPERATING SYSTEM FORENSICS LAB

L-T-P-C structure: 0-0-4 Course Type: Core Theory
COURSE OBJECTIVE:
The course aims to provide students with a comprehensive understanding of operating systems, focusing on their definition, components, and functions. Students will explore system calls, process management, and memory management, gaining skills in process creation, scheduling, synchronization, and communication. The course delves into file system organization, file system management, and various file system types such as NTFS, EXT, and XFS.

COURSE OUTCOMES -
CO1: Comprehend the definition, components (kernel, shell, user interface), and functions of operating systems in managing compu

CO2: Gain knowledge of system calls, process management, and memory management, including virtual memory concepts like paging and segmentation

CO3: Acquire skills in file system organization, disk and file system management, familiarity with various file system types (FAT, NTFS, EXT, XFS).

CO4: Explore and apply access control models, security policies, and mechanisms such as encryption, authentication, and auditing to protect digital assets.

CO5: Develop hands-on experience in file system analysis, memory acquisition and analysis, registry analysis, log file analysis, and incident response strategies, with an understanding of relevant legal and ethical considerations

PRACTICAL
1. To familiarize students with the definition and components of operating systems, including the kernel, shell, and user interface, and understand their functions in mi

2. To gain knowledge of different types of system calls and their uses, and develop skills in process ma process creation, schedulin

3. To understand the memory hierarchy and organization, learn virtual memory concepts such as paging and segmentation, and explore techniques for efficient memory management

anization, disk and file system management, and learn about different file system types such as FAT, NTFS, EXT, and XFS. Develop skills in disk analysis, file recovery, and data protection.

5. To explore access control models like DAC, MAC, and RBAC, understand security policies and mechanisms including encryption, authentication, and auditing, and apply them to protect digital assets

6. To gain hands-on experience in analyzing Windows (FAT, NTFS) and Linux (EXT, XFS) file systems using tools like disk editors, file carving, and metadata extraction. Recover deleted files and partitions

7. To acquire skills in memory acquisition techniques, use memory analysis tools like FTK Imager, Volatility, and Redline to identify malware and extract relevant information from memory dumps.

8. To understand Windows registry concepts and structures, analyze registry entries to identify malware and system changes. Learn event log analysis techniques using tools like LogParser, EventViewer, and Splunk

9. To explore techniques for monitoring user and system activities, analyze log files (system, application, security), and capture and analyze network traffic. Develop incident response and recovery strategies.

10. To understand laws and regulations related to digital forensics, including search and seizure, chain of custody, and evidence handling. Discuss ethical considerations and professional conduct in digital forensics investigations.

BOOKS REFERENCES:

1. Silberschatz, A., Galvin, P. B., & Gagne, G. (2018). Operating System Concepts (10th ed). Wiley

2. Russinovich, M. E., Solomon, D. A., & Ionescu, A. (2012). Windows Internals, Part 1: System Architecture, Processes, Threads, Memory Management, and More (7th ed). Microsoft Press.

3. Bach, M. J. (1986). The Design of the UNIX Operating System. Prentice Hall.

4. Blunden, B. (2018). Linux System Programming: Talking Directly to the Kernel and C Library. No Starch Press.

5. Carvey, H. (2014). Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8 (4th ed). Syngress.

DIGITAL REFERENCES:
1

3