Course Detail

Course Name Cyber Forensics and Malware
Course Code 23CSE334
Program B. Tech. in Computer Science and Engineering (CSE)
Credits 3
Campus Amritapuri, Coimbatore, Bengaluru, Amaravati, Chennai

Syllabus

Electives in Cyber Security

Unit I

Introduction to Cyber Forensics – Basics of Cyber Forensics – Digital evidence and its types – Legal and ethical considerations.

Cyber Forensic Process – Identification – Preservation – Collection – Examination – Analysis – Reporting.

Digital Forensics Techniques – Disk Forensics – File System Forensics – Network Forensics – Memory Forensics – Mobile Forensics – Cloud Forensics. Incident Response and Investigation – Incident response process – Incident response team – Chain of custody – Incident documentation.

Unit II

Introduction to Malware – Malware types (viruses, worms, Trojans, ransomware, etc.) – Malware attack vectors – Malware behavior and functionality. Malware Analysis Techniques – Static Analysis – File signatures, Hash analysis, Strings analysis, Disassembly – Dynamic Analysis – Sandboxing, Debugging, Network analysis, System and registry monitoring.

Reverse Engineering – Assembly language basics – Disassemblers and debuggers – Control flow analysis – De-obfuscation techniques.

Unit III

Anti-Malware Techniques – Antivirus software – Host-based Intrusion Detection and Prevention Systems (HIDS/HIPS) – Firewalls – Application control and whitelisting – Security patches and updates.

Cybersecurity Best Practices – Security awareness and training – Defense in depth – Network segmentation – Data encryption – Strong authentication mechanisms – Regular security assessments and audits.

Objectives and Outcomes

Course Objectives

  • Provide learners with a comprehensive understanding of cyber forensics principles and techniques, enabling them to effectively identify, preserve, analyze, and report on digital evidence in various cybercrime investigations.
  • Equip learners with the knowledge and skills to analyze and reverse-engineer malware using various analysis techniques, fostering an understanding of malware types, attack vectors, and behavior.
  • Develop learners’ proficiency in incident response and investigation, emphasizing the importance of following a structured process, maintaining a clear chain of custody for digital evidence, and applying cybersecurity best practices.

Course Outcomes

CO1: Understand the fundamentals of cyber forensics, including digital evidence, cyber forensic process, legal and ethical considerations.

CO2: Develop proficiency in various digital forensics techniques to effectively analyze and investigate cyber incidents.

CO3: Gain knowledge of malware types, behavior, and functionality, and learn how to identify, analyze, and reverse-engineer malicious software using static and dynamic analysis techniques.

CO4: Acquire the skills to properly respond to, investigate, and mitigate cybersecurity threats and incidents.

CO-PO Mapping

PO/PSO PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2
CO
CO1 3 2 2 3 1 1 2 2
CO2 3 3 2 3 3 2 3 3
CO3 3 3 2 2 3 3 3 3
CO4 3 3 3 3 3 3 3 3

Evaluation Pattern

Evaluation Pattern: 70:30

| Assessment | Internal | End Semester |
|---|---|---|
| Midterm | 20 | |
| *Continuous Assessment Theory (CAT) | 10 | |
| *Continuous Assessment Lab (CAL) | 40 | |
| **End Semester | | 30 (50 Marks; 2 hours exam) |

* CAT – Can be Quizzes, Assignment, and Reports

* CAL – Can be Lab Assessments, Projects, and Reports

**End Semester can be theory examination/ lab-based examination/ project presentation

Text Books / References

Textbook(s)

Warren G. Kruse II and Jay G. Heiser, “Computer Forensics: Incident Response Essentials,” Addison-Wesley Professional, 1st edition, 2010.

Brian Carrier, “File System Forensic Analysis,” Addison-Wesley Professional, 1st edition, 2005.

Sherri Davidoff and Jonathan Ham, “Network Forensics: Tracking Hackers through Cyberspace,” Prentice Hall, 1st edition, 2012.

Reference(s)

Michael Sikorski and Andrew Honig, “Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software,” No Starch Press, 1st edition, 2012.

Michael Hale Ligh, Andrew Case, Jamie Levy, and Aaron Walters, “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory,” Wiley, 1st edition, 2014.

Eldad Eilam, “Reversing: Secrets of Reverse Engineering,” Wiley, 1st edition, 2005.
