Course Code
Course Title

Malware and Digital Forensics

Description

Malware Analysis, Malware Incident response;  Analyzing  Physical  Process Dumps  for Malware Artifacts; Discovering and Extracting Malware and Associated Artefacts from Windows and Linux; Advanced Malware; Investigative and Forensic Methodologies; Forensic Analysis, Preservation and Examination of Volatile Data; Recovery of Deleted Files; Building Live Response Toolkit; Volatile Data and Non-Volatile Data Collection methodologies in Windows and Linux Live Systems; Data analytics; Windows System Forensics; Incident Response Tool Suites for Windows; Memory Forensics Methodology for Windows and Linux; Windows Memory Forensics Tools; Linux Memory Forensics Tools;  Forensic Examination of Compromised Systems; Filesystem Forensics, Network Forensics, Using Linux as a Forensic Platform, Audit Trail, Report Writing, Expert Witness.

Lab/Software

For the practical component of this course, students should be introduced to using antivirus tools to confirm maliciousness, using hashes to identify malware, gleaning information from a file’s strings, functions, and headers. Perform   static and dynamic analysis, demonstrate understanding of Sandboxing and Anti-sand Boxing. Conduct investigative forensic methodologies to demonstrate the use of hex editors to extract file formats and systems, use of a Linux system as forensic station, artefact extraction form web browsers, recovering deleted files using forensic tools, write report on the investigation.

Tools: md5deep, PotentialKeylogger, ApateDNS, NetCat, Wireshark, VMware, FTK, Winhex, X-Ways Forensics, Autopsy/ The Sleuth Kit.