Digital Forensics and Cyberattack Detection
Teaching Staff: Magkos Emmanouil (Manos), Karagiannis Stylianos
Code: MO260
Course Type: Direction of CSC - Compulsory
Course Level: Undergraduate
Course Language: Greek
Semester: 7th
ECTS: 5
Teaching Units: 5
Lecture Hours: 4
Lab/Tutorial Hours: 2 (Lab)
Total Hours: 6
Curricula: Revamped Curriculum in Informatics from 2025
Short Description:
This course provides a comprehensive approach to the principles, technologies, and practices of responding to modern cyber threats. Through a combination of theoretical lectures and hands-on laboratory exercises, students explore fundamental concepts of information systems security, techniques for identifying and analyzing threats, and methods for incident response. Emphasis is placed on understanding key standards and methodologies, as well as applying incident management and cyberattack analysis procedures in both real-world and simulated environments.
Objectives - Learning Outcomes:
Upon completion of the course, students will be able to understand and interpret modern cyber threats, recognize patterns of malicious activity, and apply effective incident response procedures. They will gain the ability to analyze data from multiple sources to detect suspicious behavior, design and implement containment and recovery strategies, and utilize methodologies and frameworks such as MITRE ATT&CK for analyzing advanced persistent threats (APTs). Furthermore, students will combine Threat Hunting and Threat Intelligence techniques to proactively detect and mitigate threats in networks and systems.
Syllabus:
- Introduction to Cyber Threats: Core concepts, types of attacks, current trends, and the importance of early detection and prevention.
- Laboratory Environment & DFIR Infrastructure: Familiarization with tools, procedures, and log sources used in digital forensic and incident response (DFIR) scenarios.
- Digital Forensics: Processes of evidence collection, documentation, preservation, and analysis of digital artifacts. Legal framework and data integrity assurance.
- Log Analysis and Event Detection: Techniques for recognizing suspicious activity through log and metadata analysis.
- Monitoring and Detection: Network monitoring methodologies, data flow analysis, alert generation, and false positive management.
- Intrusion Detection and Prevention Systems (IDS/IPS): Architecture, operation, and deployment of intrusion detection/prevention systems. Signature and anomaly-based traffic analysis.
- Indicators of Compromise (IoCs): Identification, creation, and use of IoCs for detecting and mitigating attacks.
- Threat Hunting: Proactive strategies and techniques for discovering threats before exploitation. Use of analytical data and tools to identify suspicious patterns.
- Advanced Persistent Threats (APTs) & MITRE ATT&CK Framework: Study of APT groups, life cycle, tactics, and techniques. Mapping attacks to the MITRE ATT&CK framework.
- Incident Response: Detection, classification, containment, recovery, and verification following a cyber incident. Development of rapid response processes and defense reinforcement strategies.
- Integration of DFIR, Threat Hunting & Threat Intelligence: Combining analytical data and methodologies to achieve a holistic view of the threat landscape. Capstone exercise simulating the detection, investigation, and mitigation of a cyberattack.
Suggested Bibliography:
- Souris, A., Patsos, D., & Grigoriadis, N. (2004). Information Security. Nees Technologies Publications. ISBN 9608105668
- Katsikas, S., Gritzalis, S., & Lambrinoudakis, C. (2021). Information and Systems Security in Cyberspace. Nees Technologies Publications. ISBN 9789605780647
- Stallings, W., & Brown, L. (2016). Computer Security: Principles and Practice. Kleidarithmos Publications. ISBN 9789604616688
- Oettinger, W. (2022). Learn Computer Forensics: Your One-Stop Guide to Searching, Analyzing, Acquiring, and Securing Digital Evidence (2nd ed.). Packt Publishing.
- Hassan, N. A. (2019). Digital Forensics Basics: A Practical Guide Using Windows OS. Apress.
- IEEE Transactions on Information Forensics and Security
- IEEE Transactions on Dependable and Secure Computing
- Proceedings on Privacy Enhancing Technologies
- Journal of Internet Services and Applications (Springer)
- International Journal of Information Security (Springer)
- Journal of Network and Systems Management (Springer)
- IEEE Security & Privacy
- Computers & Security (Elsevier)
- Information and Computer Security (Taylor & Francis)
- International Journal of Information Security (Emerald)
Teaching Methods:
Teaching combines lectures covering fundamental principles and standards of digital forensics and threat analysis with laboratory exercises conducted in virtualized environments using open-source and specialized analysis tools. Simulation-based cyberattack scenarios and a final project or examination allow students to synthesize theoretical knowledge with applied practical skills.
New Technologies:
Digital platforms are used for course management, material distribution, assignment submission, and communication. Laboratory activities are conducted in virtual environments utilizing open-source and specialized forensic and threat analysis tools.
Evaluation Methods:
Evaluation consists of: 30% from an individual or group project assessing analytical ability, tool application, and result presentation. 70% from a final written examination assessing theoretical understanding, critical thinking, and problem-solving ability.
Secretariat Building (Building 3)
7 Tsirigoni Square
Corfu, 49100
tel:26610 87760 / 87761 / 87763
e-mail: cs@ionio.gr