Network Forensic Analysis
MET CS 703 EL
Instructor
Stuart Jacobs, MSc, CISSP
Lecturer, Computer Science Department Metropolitan College Boston University
Office hours: One hour prior to class by prior arrangement
Office Address: 808 Commonwealth Ave., Room 250. Boston, MA 02215.
E-mail: sjjacobs@bu.edu
Course Description
This course provides an introduction to the methodology and procedures associated with
digital forensic analysis in a network environment. Students will develop an
understanding of the fundamentals associated with the topologies, protocols, and
applications required to conduct forensic analysis in a network environment. Students
will learn about the importance of network forensic principles, legal considerations, digital
evidence controls, and documentation of forensic procedures. This course will incorporate
demonstrations and laboratory exercises to reinforce practical applications of course
instruction and will require an independent research paper related to the course topic.
Prerequisites
Knowledge of information technology fundamentals (computer hardware, operating
systems, applications and networking) is required. Successful completion of CS 625, CS
535, or permission of the instructor is also required.
Required Course Books

Computer Forensics : Investigating Network Intrusions and Cyber Crime, ECCouncil, ISBN-13: 978-1-4354-8352-1, ISBN-10: 1-4354-8352-9
 Computer Forensics : Investigating Wireless Networks and Devices, EC-Council,
ISBN-13: 978-1-4354-8353-8, ISBN-10: 1-4354-8353-7
 Handbook of Digital Forensics and Investigations, Eoghan Casey ed., Elsevier
Academic Press,
ISBN 13: 978-0-12-374267-4
These textbooks can be purchased from Barnes and Noble at Boston University.
Courseware
This course uses Online Campus (Blackboard). Once the course starts all students must use
the Online Campus Dashboard internal messages service. Students are required to use
Online campus:

for reading assignments beyond text book assigned reading,

Submitting homework assignments,

Submitting lab exercises,

Taking on-line quizzes,

Participating in discussion threads,
Page 1 of 13

Taking the on-line final examination and practice final exam, and

All course related email correspondence.
Class Policies
1) Attendance & Absences

Students are required to attend the four scheduled on-campus lectures (9/5, 10/3.
11/7, 12/5) and the final exam on 12/12.

Students must notify the instructor in advance if unable to attend any on-campus
lecture
2) Assignment, Lab Exercise and Discussion Completion & Late Work

Homework assignments are mandatory, must be completed and submitted in a
timely manner, and are required to be submitted via Online Campus for this course.
For each day after the submission date a homework assignment is due will result in
a penalty of 3 points. Homework assignments passed in that are over 5 days late
will receive a grade of zero (0). If a student will be unable to submit an assignment
by its due date, the student must contact the instructor in advance to avoid the late
submission penalty.

Lab exercises: are mandatory, must be completed and submitted in a timely manner,
and are required to be submitted via Online Campus for this course. For each day
after the submission date a lab exercise is due will result in a penalty of 3 points.
Lab exercises passed in that are over 5 days late will receive a grade of zero (0). If a
student will be unable to submit a Lab exercise by its due date, the student must
contact the instructor in advance to avoid the late submission penalty.

Student postings to discussion topic after the listed closing dates will not be counted
when calculating a student’s discussion grades.
3) Academic Conduct Code – Cheating and plagiarism will not be tolerated in any
Metropolitan College course. Such activities/behavior will result in no credit for the
assignment or examination and may lead to disciplinary actions. Please take the time to
review the Student Academic Conduct Code:
http://www.bu.edu/met/metropolitan_college_people/student/resources/conduct/code.ht
ml.
Such activities/behavior includes copying (even with modifications) of another
student’s work or letting your work to be copied. Your participation in interactions with
the instructor and your classmates is encouraged, but the work you submit must be your
own. Collaboration is not permitted.
Page 2 of 13
Class Meetings, Lectures, Assignments, Lab Exercises & Examinations
The course will include four (4) class sessions held at the Boston University campus. The class
session will include lectures, laboratory exercises, and an interactive exchange of course related
concepts and materials. These sessions also provide students with the opportunity to interact with
other students and the course instructor. The proposed class session dates are listed below
(subject to change based on course and instruction requirements):
On-campus class
session
Will occur on
Session 1
September 5, 2015 between 1 PM and 4 PM EDT
Session 2
October 3, 2015 between 1 PM and 4 PM EDT
Session 3
November 7, 20153 between 1 PM and 4 PM EST
Session 4
December 5, 2015 between 1 PM and 4 PM EST
Final Exam
December 12, 2015 between 1 PM and 4 PM EST
Students are expected to read the documents listed in the Study Guide prior to each face-to-face
session. These documents can be downloaded from the Blackboard Discussion ‘From your
Instructor’ area. We will be discussion each document that is assigned to a session.
Failure to read these documents prior to each session will negatively affect your Discussion
grades.
On-line Live sessions

There will be a number of one hour on-line sessions, in addition to on-campus meetings
identified above, which will be held on:
Thursday evening on 9/17, 10/1, 10/15, 10/29, 11/12, and 12/10 at 7:00 PM ET
During these on-line sessions I will hold a question & answer period.. Attendance is not
required at these sessions but highly recommended. All on-line sessions will be recorded
and archived. The archived recordings will be accessible from the Online Campus
Dashboard under the heading “Live Classroom (Question & Answer) Sessions”.
Assignments

All homework assignments are identified within the Online campus Study Guide.

File names for assignment documents should be:
CS703-HW<number>-<student last name>.doc
An example assignment document file name is:
CS703-HW5-Jacobs.doc
Student submissions which fail to follow this direction will have 5 points deducted!

Student assignment submissions must be no more than 4 pages in length, be single
spaced, use 12 point Times Roman type font and 1” margins on all sides. Student
submissions which fail to follow this direction will have 5 points deducted!

Include the file name in the header and a page number in the footer of you assignment
submission document. Student submissions which fail to follow this direction will have 5
points deducted!
Page 3 of 13

Title cover pages are not required and should not be used;

Assignment submission documents MUST be in Word 2003 or Word 2007 file formats
that are NOT encoded in XML;

Quoted material and citations must follow the American Psychological Association
(APA) format with a reference section at the end of a student’s submitted work. Please
refer to the http://www.apastyle.org/ web site for guidance on following the APA style
guide.

Students are required to comply with the directions contained within the document
APA Criteria for Course.pdf
whenever the work of others is used as part of a student’s assignment submission. Failure
to do so will result in points being deducted for the assignment grade.

Wikipedia is a useful starting point for finding information about a subject BUT NOT an
acceptable direct reference source. One should only reference or quote from primary
(source) documents.
Lab Exercises

Lab exercises(Hands-on Projects) are identified within the Assignment description
document for each course module.

File names for lab exercise documents should be:
CS703-LAB<number>-<student last name>.doc
An example lab exercise document file name is:
CS703-LAB5-Jacobs.doc
Student submissions which fail to follow this direction will have 5 points deducted!

Students should enter their lab exercise answers direct within each lab exercise document
and then submit the completed document appropriately renamed as stated above;

Lab exercise submission documents MUST be in Word 2003 or Word 2007 file formats
that are NOT encoded in XML.
Page 4 of 13
Student Work Due Dates
Assignment 1
Assignment 2
Assignment 3
Assignment 4
Assignment 5
Assignment 6
Quiz 1
Quiz 2
Quiz 3
Quiz 4
Quiz 5
Quiz 6
Discussion 1
Discussion 2
Discussion 3
Discussion 4
Discussion 5
Discussion 6
Lab Exercise 1
Lab Exercise 2
Lab Exercise 3
Lab Exercise 4
Submission Due Date
without Penalty
9/19
10/3
10/24
11/14
11/28
11/12
9/19
10/3
10/24
11/14
11/28
11/12
9/19
10/3
10/24
11/14
11/28
12/12
10/3
10/24
11/14
11/28
Page 5 of 13
Last Allowed Submission Date
with Late Penalty
924
10/8
10/29
11/19
11/19
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
Late not allowed
10/8
10/29
11/19
12/3
Study Guide
On campus Face-to-face Session 1
Meeting
9/5 between 1pm and 4pm hours ET
Date
Preparatory
Reading
To be read
prior to
attending
session
Association of Computing Machinery (1992) ACM code of ethics and professional conduct.
Communications of the ACM, 35(5), pp. 94-99,
(file: ACM code of ethics and professional conduct.pdf)
Anderson, R.E., Johnson, D.G., Gotterbarn, D., & Perrolle, J. (1993) Using the New ACM Code
of Ethics in Decision Making. Communications of the ACM, 36(2), pp. 98-107,
(file: p98-anderson.pdf)
Hofstede, R., Celeda, P., Trammell, B., Drago, I., Sadre, R., Sperotto, A., & Pras, A., (2014).
Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and
IPFIX. IEEE Communications Surveys & Tutorials, 16(4), pp.2037-2064. doi:
10.1109/COMST.2014.2321898,
(file: Flow Monitoring Explained- From Packet Capture.pdf)
McRee, R. (2013, August) C3CM: Part 1 – Nfsight with Nfdump and Nfsen. ISSA Journal, pp.
29-32
(file: C3CM Part 1 - Nfsight with Nfdump and Nfsen.pdf)
Nehinbe, J. O. (2010) Log Analyzer for Network Forensics and Incident Reporting. Intelligent
Systems, Modelling and Simulation, International Conference on, pp. 356-361
(file: Log Analyzer for Network Forensics.pdf)
Reith, M., Carr, C., & Gunsch, G. (2002) An Examination of Digital Forensic Models.
International Journal of Digital Evidence, 1(3), pp. 1-12
(file: An Examination of Digital Forensic Models.pdf)
Willson, D. (2013, August) Legal Issues of Cloud Forensics. ISSA Journal, pp. 25-28
(file: Legal Issues of Cloud Forensics.doc)
Module 1 Study Guide and Deliverables
Investigating Network Intrusions and Cyber Crime Preface and Chapter 1
Investigating Network Intrusions and Cyber Crime Chapter 2
Handbook of Digital Forensics and Investigations Chapter 1
Readings
Handbook of Digital Forensics and Investigations Chapter 2
Blackboard Module 1 Text pages
Please complete the Introduction Discussion before you continue in the course.
Discussions
Discussion 1 postings due 9/19 at 6:00 AM (0600 hours) ET
Assignments Assignment 1 is due 9/19 at 6:00 AM (0600 hours) ET
Assessments Quiz 1 is due 9/19 at 6:00 AM (0600 hours) ET
Lab
There is no Lab Exercise for this module
exercises
Page 6 of 13
Module 2 Study Guide and Deliverables
Investigating Network Intrusions and Cyber Crime Chapter 3
Investigating Network Intrusions and Cyber Crime Chapter 4
Readings
Handbook of Digital Forensics and Investigations Chapter 10
Blackboard Module 2 Text pages
Discussions Discussion 2 postings due 10/3 at 6:00 AM (0600 hours) ET
Assignments Assignment 2 due 10/3 at 6:00 AM (0600 hours) ET
Assessments Quiz 2 due 10/3 at 6:00 AM (0600 hours) ET
Lab
Lab Exercise 1 - Windows 7 Logs due 10/3 at 6:00 AM (0600 hours) ET
exercises
On campus Face-to-face Session 2
Classroom
10/3 between 1pm and 4pm hours ET
Meeting
Preparatory
Reading
To be read
prior to
attending
session
Divyesh, G.D.D & Nagoor, M.A.R. (2014). Forensic Evidence Collection by Reconstruction of
Artifacts in Portable Web Browser. International Journal of Computer Applications, 91(4),
pp. 32-35.,
(file: Forensic Evidence Collection by Reconstruction.pdf)
Dormann, W. & Rafail, J. (2011) Securing your web browser. CERT, Software Engineering
Institute Carnegie Mellon University, pp. 1-18,
(file: Securing your web browser.pdf)
Dukes, L., Yuan, X., & Akowuah, F. (2013, April). A case study on web application security
testing with tools and manual testing. In Southeastcon, 2013 Proceedings of IEEE, pp. 1-6.,
(file: A Case Study on Web Application Security Testing.doc)
Marco Tabini (2011) Learn the basics of Web browser security. MacWorld.com, pp. 1-2,
(file: Learn the basics of Web browser security_Security_Macworld.pdf
Martellaro, J. (2011) The State of Browser Security. The Mac Observer, pp. 1-3,
(file: The State of Browser Security 2011 Analysis.pdf)
Mylonas, A., Tsalis, N., & Gritzalis, D. (2013). Evaluating the manageability of web browsers
controls. In Security and Trust Management, pp. 82-98.,
(file: Evaluating the manageability of web browsers controls.pdf)
Webdevout (2011) Web Browser Security Summary. pp. 1-8,
(file: Web Browser Security Summary.pdf)
Gugelmann, D., Gasser, F., Ager, B., & Lenders, V. (2015). Hviz: HTTP (S) traffic aggregation
and visualization for network forensics. Digital Investigation, 12, S1-S11.
file: HTTPS traffic aggregation and visualization.pdf)
Page 7 of 13
Module 3 Study Guide and Deliverables
Investigating Network Intrusions and Cyber Crime Chapter 5
Investigating Network Intrusions and Cyber Crime Chapter 6
Readings
Investigating Network Intrusions and Cyber Crime Chapter 7
Blackboard Module 3 Text pages
Discussions Discussion 3 postings due 10/24 at 6:00 AM (0600 hours) ET
Assignments Assignment 3 due 10/24 at 6:00 AM (0600 hours) ET
Assessments Quiz 3 due 10/24 at 6:00 AM (0600 hours) ET
Lab exercise 2 - Windows Host Intrusion Detection due 10/24 at 6:00 AM (0600
Lab
hours) ET
exercises
Module 4 Study Guide and Deliverables
Investigating Wireless Networks and Devices Chapter 1
Investigating Wireless Networks and Devices Chapter 2
Readings
Handbook of Digital Forensics and Investigations Chapter 11
Blackboard Module 4 Text pages
Discussions Discussion 4 postings due 11/14 at 6:00 AM (0600 hours) ET
Assignments Assignment 4 due 11/14 at 6:00 AM (0600 hours) ET
Assessments Quiz 4 due 11/14 at 6:00 AM (0600 hours) ET
Lab exercise 3 – Windows Software Firewalls due 11/14 at 6:00 AM (0600 hours)
Lab
ET
exercises
Page 8 of 13
On campus Face-to-face Session 3
Classroom
11/7 between 1pm and 4pm hours ET
Meeting
Preparatory
Reading
To be read
prior to
attending
session
Palomo, E. J., North, J., Elizondo, D., Luque, R. M., & Watson, T. (2012). Application of
growing hierarchical SOM for visualisation of network forensics traffic data. Neural
Networks, 32, 275-284
file: Application of growing hierarchical SOM.pdf)
Al-Mahrouqi, A., Abdalla, S., & Kechadi, T. (2014, October). Network Forensics Readiness
and Security Awareness Framework. In International Conference on Embedded Systems in
Telecommunications and Instrumentation (ICESTI 2014), Algeria, October 27-29 2014
(file: Network Forensics Readiness.pdf)
Bates, A., Butler, K., Haeberlen, A., Sherr, M., & Zhou, W. (2014, February). Let SDN be your
eyes: Secure forensics in data center networks. In Proceedings of the NDSS Workshop on
Security of Emerging Network Technologies (SENT’14).
(file: Let SDN Be Your Eyes:.pdf)
Paglierani, J., Mabey, M., & Ahn, G. J. (2013, October). Towards comprehensive and
collaborative forensics on email evidence. In Collaborative Computing: Networking,
Applications and Worksharing, 9th International Conference Conference on, 11-20
(file: Towards Comprehensive and Collaborative Forensics on Email Evidence.pdf)
Guo, H., Jin, B., & Qian, W. (2013, April). Analysis of Email Header for Forensics Purpose. In
Communication Systems and Network Technologies (CSNT), 2013 International
Conference on, 340-344
(file: Analysis of Email Header for Forensics Purpose.pdf)
Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical
criteria for cloud forensic capability: An overview of survey results. Digital Investigation,
10(1), 34-43.
(file: Cloud forensics definitions and critical criteria.pdf)
Shah, J. J., & Malik, L. G. (2013, December). Cloud Forensics: Issues and Challenges. In
Emerging Trends in Engineering and Technology (ICETET), 6th International Conference
on,138-139. IEEE
(file: Cloud Forensics Issues and Challenges.pdf)
Shah, J. J., & Malik, L. G. (2014, February). An approach towards digital forensic framework
for cloud. In Advance Computing Conference (IACC), 2014 IEEE International, 798-801.
IEEE.
(file: An approach towards digital forensic framework for cloud.pdf)
Bhatt, P., Toshiro Yano, E., & Gustavsson, P. M. (2014, April). Towards a Framework to
Detect Multi-stage Advanced Persistent Threats Attacks. In Service Oriented System
Engineering (SOSE), 8th International Symposium on, 390-395. IEEE.
(file: Towards a Framework to Detect Multi-Stage Advanced Persistent Threats Attacks.pdf)
De Vries, J., Hoogstraaten, H., van den Berg, J., & Daskapan, S. (2012, December). Systems for
Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data
Analysis. In Cyber Security (CyberSecurity), International Conference on, 54-61. IEEE.
(file: Systems for Detecting Advanced Persistent Threats.pdf)
Virvilis, N., Gritzalis, D., & Apostolopoulos, T. (2013, December). Trusted Computing vs.
Advanced Persistent Threats: Can a defender win this game?. In Ubiquitous Intelligence and
Computing, 10th International Conference on and 10th International Conference on
Autonomic and Trusted Computing, 396-403. IEEE.
(file: Trusted Computing vs. Advanced Persistent Threats.pdf)
Page 9 of 13
Module 5 Study Guide and Deliverables
Investigating Wireless Networks and Devices Chapter 3
Investigating Wireless Networks and Devices Chapter 4
Readings
Blackboard Module 5 Text pages
Discussions Discussion 5 postings due 11/28 at 6:00 AM (0600 hours) ET
Assignments Assignment 5 due 11/28 at 6:00 AM (0600 hours) ET
Assessments Quiz 5 due 11/28 at 6:00 AM (0600 hours) ET
Lab exercise 4 - Network Traffic Analysis Using Windows due 11/28 at 6:00 AM
Lab
(0600 hours) ET
exercises
On campus Face-to-face Session 4
Classroom
12/5 between 1pm and 4pm hours ET
Meeting
Preparatory
Reading
To be read
prior to
attending
session
Rani, D. R., & Geethakumari, G. (2015, January). An efficient approach to forensic
investigation in cloud using VM snapshots. In Pervasive Computing (ICPC), 2015
International Conference on (pp. 1-5). IEEE.
(An Efficient Approach to Forensic Investigation in Cloud using VM Snapshots.pdf)
Morioka, E., & Sharbaf, M. S. (2015, April). Cloud Computing: Digital Forensic Solutions. In
Information Technology-New Generations (ITNG), 2015 12th International Conference on
(pp. 589-594). IEEE.
(Cloud Computing Digital Forensic Solutions.pdf)
Kadivar, M. (2014). Cyber-Attack Attributes. Technology Innovation Management Review,
4(11).
(Cyber-Attack Attributes AND Assessing the Intentions and Timing of Malware.pdf)
Maheux, B. (2014). Assessing the Intentions and Timing of Malware. Technology Innovation
Management Review, 4(11).
(Cyber-Attack Attributes AND Assessing the Intentions and Timing of Malware.pdf)
Paverd, A., Martin, A., & Brown, I. (2014). Security and Privacy in Smart Grid Demand
Response Systems. In Smart Grid Security (pp. 1-15). Springer International Publishing.
(Security and Privacy in Smart Grid.pdf)
Kumar, V., Oikonomou, G., Tryfonas, T., Page, D., & Phillips, I. (2014). Digital investigations
for IPv6-based Wireless Sensor Networks. Digital Investigation, 11, S66-S75.
(Digital investigations for IPv6-based Wireless Sensor Networks.pdf)
Chen, S., Zeng, K., & Mohapatra, P. (2014). Efficient data capturing for network forensics in
cognitive radio networks. Networking, IEEE/ACM Transactions on, 22(6), 1988-2000.
(Efficient Data Capturing for Network Forensics in Cognitive Radio Networks.pdf)
Module 6 Study Guide and Deliverables
Investigating Network Intrusions and Cyber Crime Chapter 8
Readings
Investigating Network Intrusions and Cyber Crime Chapter 9
Investigating Network Intrusions and Cyber Crime Chapter 10
Investigating Network Intrusions and Cyber Crime Chapter 11
Blackboard Module 6 Text pages
Discussions Discussion 6 postings due 12/12 at 6:00 AM (0600 hours) ET
Assignments Assignment 6 due 12/12at 6:00 AM (0600 hours) ET
Assessments Quiz 6 due 12/12 at 6:00 AM (0600 hours) ET
Discussion Threads

Each course module includes a discussion topic that students are required to participate
in. Student discussion postings will be graded as per the “Discussion Grading Rubric”
under the Online Campus “ Syllabus and Course Information” area.
Page 10 of 13
Examinations

Students are required to take six on-line quizzes (one per module) while the course is
running. Students will be allowed 60 minutes to complete each quiz. A student may take
each of these quizzes starting when a quiz becomes available via Online Campus. Each
quiz will close at 6 AM ET on the date the next Module starts and not be reopened except
for unusual circumstances as decided by the instructor. If a student cannot complete a
quiz during the week each quiz is available, the student must make prior arrangements
with the instructor.

EL students are required to take a proctored final exam that will be held in class on
Saturday 12/12/2015 and last 3 hours. This exam is open book and open notes.

If the final will be missed it will be the responsibility of the student to arrange with the
professor a mutually agreeable schedule for completion of work.

A practice final exam will be available on Online Campus which can be taken as many
times as a student wishes.

If any work is to be completed beyond the scheduled dates of this course the student must
negotiate a Boston University "Contract for an Incomplete Grade" with the professor
prior to the end of the class.
Grading Criteria
Students will have to do homework assignments to help you master the material. You will
also have to read the textbooks and to be ready to discuss the issues related to the current
class topics.
Grades will be based on:
 home work assignments (25%)
 quizzes (25%)
 lab exercises (10%)
 discussion thread participation (10%)
 proctored final exam (30%)
Grade ranges are as follows:
 94 <= is an A
 90 <= and < 94 is an A 87 <= and < 90 is a B+
 84 <= and < 87 is a B
 80 <= and < 84 is a B 77 <= and < 80 is a C+
 74 <= and < 77 is a C
 70 <= and < 74 is a C 60 <= and < 70 is an F
Course Learning Objectives
Upon successful completion of this course you will understand:
 How to look for evidence in both wired and wireless networks
 Perform end to end forensic investigations
 Collect evidence from log files
Page 11 of 13



Understand the importance of time synchronization
How to use typical forensic investigation tools
Follow a scientific approach to investigate network security events and incidents
Course Outline
Module 1:
Introduction to Network Forensics and Investigating Logs
Network Traffic Investigations
Module 2:
Web Attack Investigations
Router Forensics
Module 3:
Denial of Service Investigations
Internet Crime Investigations
Email Crime Investigations
Module 4:
Wireless Attack Investigations
PDA Forensics
Module 5:
iPod and iPhone Forensics
Blackberry Forensics
Module 6:
Corporate Espionage Investigations
Trademark and Copyright Investigations
Investigating Sex Related Activities
Non-required textbooks and references good for further study
Suggested Course Books
There will be no reading assignments from the following book. However you will find it a
valuable resource to anyone involved in the Information Security area.
Engineering Information Security: The Application of Systems Engineering Concepts
to Achieve Information Assurance, Stuart Jacobs, IEEE Press Series on Information
and Communication Networks Security, Wiley-IEEE Press; 1 edition, ISBN-10:
0470565128, ISBN-13: 978-0470565124
The above book covers the subject area of information security from an engineering
perspective
Recommended Books
There will be no reading assignments from these books. However you will find each to be
valuable resources to anyone involved in the Information Security area.
Firewalls and Internet Security, Repelling the Wily Hacker, William R. Cheswick, and
Steven M. Bellovin, Addison-Wesley, 1994
Page 12 of 13
The above book is a classic for its very detailed treatment for stateful firewalls and DMZs
and is still relevant today.
Practical UNIX & Internet Security, 2nd Edition, ,Simson Garfinkel and Gene Spafford:
O'Reilly, 1996
The above book is a classic for its very detailed treatment of general networking security
and hardening of unix type operating systems and is still relevant today.
Hacking Expose Network Security Secrets & Solutions, 2nd Edition, Joel Scambray,
Stuart McClure, and George Kurtz, McGraw-Hill, 2001
The above book provides an interesting look into those involved in malware and some of
the techniques used for breaching targeted systems.
Security Engineering; A Guide to Building Dependable Distributed Systems, Ross
Anderson, Wiley, 2001
The above book is an interesting collection of discussions on security engineering and
associated challenges.
Computer Related Risks, Peter G. Neumann, Addison-Wesley, 1995
The above book is one of the definitive texts on the basic concepts of what constitutes
risks, especially information security risks.
Applied Cryptography, Bruce Schneier, 2nd Edition, Wiley & Sons, 1996
The above book is an excellent source for details on most any encryption algorithm you
are likely to encounter. Most any version, starting with the 2nd edition, will be invaluable.
Student Conduct Responsibilities
Notice of Criminal, Civil, and Administrative Responsibility
The legal and authorized use of the materials, software, applications, processes, techniques or
services described in this course, presented in written or verbal form, are the sole responsibility
and liability of the individual student. The course instructor and Boston University assume no
liability as for any damages resulting from unauthorized use of the knowledge gained by
student(s) from material covered in this course.
The content and use of the course materials, software, applications, processes, techniques or
services described in presentation materials or conveyed verbally by the course instructor may be
limited or restricted by federal, state or local criminal and/or civil laws or the acceptable use in
corporations, businesses or organizations.
It is the responsibility of the student to ensure that they do not perform any action, process or
technique that could violate any criminal, civil or administrative laws, regulations and/or policies.
There shall be no liability on the part of the course instructor for any loss or damage, direct or
consequential arising from the use of this information or any action by student(s) that is
determined to be in violation of any federal, state and/or local civil or criminal law, or for
violation of any administrative regulation, policy or acceptable use policy that results in
prosecution, or any loss, to include termination of employment, forfeiture, restitution or fines.
Student enrollment in this course will constitute an agreement to the aforementioned terms and
conditions of student responsibilities and liabilities.
Page 13 of 13