NETS1032

Network Device Forensics

Introduction

This module provides some conceptual and practical information on doing forensic investigations of network devices, in particular infrastructure devices such as routers.

For your lab work, ensure you have access to both a Linux desktop environment with root, and a Windows desktop with Administrator. You will be showing your work to the professor throughout the semester, so you will need to be able to share your lab system screen, and the lab system you use will need to be clearly identified as your own (you should use your own name for the login, or at least something unique to you). No marks will be given for showing work on a lab system which is not your own.

Learning Objectives

At the end of this module, students will:

These objectives are in support of Learning Outcomes 1, 2, and 3 in the Course Outline.

To do List

Lesson Material

Learning Activity

Watch the videos from the presentation, as well as the videos listed under additional resources. Briefly review the materials available at the other websites listed under Additional Resources. Do the Network Device Forensics Assignment.

Additional Resources

General resources

Videos

Graded Activity

The lab instructions tell you what parts of the lab activity are graded, and when you need to be capturing screenshots during the lab.

Quiz

The quiz is found on Blackboard under Assignments and Tests.

Test

There is no separate test for this topic. The quiz will count for your testing mark in this topic.

Summary

In this module, we worked with network device configuration information identify suspicious changes to devices and extract artifacts of interest to a forensic investigation. You should have:

Completing the quiz will provide you with a measure of your knowledge in these areas. For the next class you should have your computing environment available with access to both Linux and Windows.