Course Outline
SEC706 Network Forensics
Course Coordinator:Andrew Lee (alee1@usc.edu.au) School:School of Science, Technology and Engineering
2024Trimester 2
UniSC Sunshine Coast |
Blended learning | Most of your course is on campus but you may be able to do some components of this course online. |
Online |
Online | You can do this course without coming onto campus. |
Please go to usc.edu.au for up to date information on the
teaching sessions and campuses where this course is usually offered.
What is this course about?
Description
This online course teaches you how to monitor the network for traffic anomalies and identify attacks and instructions across points of interest within the network infrastructure environment. Through practical applications and real world investigations You will develop the skills required to monitor and analyse network traffic to assist in incident response and forensic investigation.This includes performing activities such as packet capture and protocol analysis as well as data collection, aggregation and intelligence analysis.
How will this course be delivered?
| Activity | Hours | Beginning Week | Frequency |
| Blended learning | |||
| Learning materials – Asynchronous learning material | 2hrs | Week 1 | 12 times |
| Tutorial/Workshop 1 – On campus workshop | 2hrs | Week 1 | 12 times |
| Seminar – On campus seminar | 1hr | Week 1 | 2 times |
| Online | |||
| Learning materials – Asynchronous learning material. | 2hrs | Week 1 | 12 times |
| Tutorial/Workshop 1 – Synchronous online workshop | 2hrs | Week 1 | 12 times |
| Seminar – Online seminar | 1hr | Week 1 | 2 times |
Course Topics
Topics will include:
Types of evidence, acquisition & packet analysis
Proxies
Protocol analysis
Logging & log collectors
Forensic log management & log reporting
Netflow
Firewall and IPS
SOAR & continuous packet capture platforms
Acquisition architecture investigation techniques
Introduction to forensic report-writing
What level is this course?
700 Level (Specialised)
What is the unit value of this course?
12 units
How does this course contribute to my learning?
| Course Learning Outcomes On successful completion of this course, you should be able to... | Graduate Qualities Completing these tasks successfully will contribute to you becoming... | |
| 1 | Demonstrate knowledge of network forensics evidence acquisition processes and techniques. | Knowledgeable |
| 2 | Identify and explain current cyber attacks, relevant network controls, infrastructure interception points, standard and advanced security intelligence platforms | Creative and critical thinker |
| 3 | Develop practical skills to detect, extract and analyse all relevant forensic artefacts. |
Empowered Engaged |
| 4 | Develop and produce reports suitable for admission as case evidence, that describe identification, search and seizure requirements and examine and analyse provided evidence. |
Empowered Engaged |
Am I eligible to enrol in this course?
Refer to the UniSC Glossary of terms for definitions of “pre-requisites, co-requisites and anti-requisites”.
Pre-requisites
SEC705
Co-requisites
Not applicable
Anti-requisites
Not applicable
Specific assumed prior knowledge and skills (where applicable)
Not applicable
How am I going to be assessed?
Grading Scale
Standard Grading (GRD)
| High Distinction (HD), Distinction (DN), Credit (CR), Pass (PS), Fail (FL). |
Details of early feedback on progress
Using marking rubrics, students will participate in continuous peer and self-assessment tasks. Opportunities will be provided during tutorials for peer-review of responses to online tutorial questions.
Assessment tasks
| Delivery mode | Task No. | Assessment Product | Individual or Group | Weighting % | What is the duration / length? | When should I submit? | Where should I submit it? |
| All | 1 | Portfolio | Individual | 20% | Weekly Entry (250 Words / Week) |
Refer to Format | Online Assignment Submission with plagiarism check |
| All | 2 | Practical / Laboratory Skills | Individual | 40% | 1 Hour |
Week 8 | Online Assignment Submission with plagiarism check |
| All | 3 | Report | Individual | 40% | 3000 Words |
Exam Period | Online Assignment Submission with plagiarism check |
| All - Assessment Task 1:Competency Portfolio | |
| Goal: | To demonstrate knowledge of network forensics evidence acquisition processes and techniques. |
| Product: | Portfolio |
| Format: | Submit: Weekly from Week 2 to 11 The response format for assessment item 1 may utilise a number of formats (e.g. Q/A Style short answer, technical Wiki Article or Blog Entry), all written from the perspective of a Cyber Security professional to address weekly questions. |
| Criteria: |
|
| All - Assessment Task 2:Network Attack Practical | |
| Goal: | To sit a practical involving an ongoing attack and will be required to utilise tools taught throughout semester to capture Indicators of Compromise, attacker identification and packet capture and log artefacts. |
| Product: | Practical / Laboratory Skills |
| Format: | Online interactive practical lab consisting of equally weighted challenges. |
| Criteria: |
|
| All - Assessment Task 3:Network Forensics Report | |
| Goal: | To prepare a report appropriate for submission as legal evidence in line with Australian federal law. |
| Product: | Report |
| Format: | A written network forensics report providing a high-level summary suitable for executive level communication articulating the chronological order of events as well as a high level and deep-dive explanations of events within a case. |
| Criteria: |
|
Directed study hours
A 12-unit course will have total of 150 learning hours which will include directed study hours (including online if required), self-directed learning and completion of assessable tasks. Student workload is calculated at 12.5 learning hours per one unit.
What resources do I need to undertake this course?
Please note: Course information, including specific information of recommended readings, learning activities, resources, weekly readings, etc. are available on the course Canvas site– Please log in as soon as possible.
Prescribed text(s) or course reader
Specific requirements
Not applicable
How are risks managed in this course?
What administrative information is relevant to this course?
Assessment: Academic Integrity
Academic integrity is the ethical standard of university participation. It ensures that students graduate as a result of proving they are competent in their discipline. This is integral in maintaining the value of academic qualifications. Each industry has expectations and standards of the skills and knowledge within that discipline and these are reflected in assessment.
Academic integrity means that you do not engage in any activity that is considered to be academic fraud; including plagiarism, collusion or outsourcing any part of any assessment item to any other person. You are expected to be honest and ethical by completing all work yourself and indicating in your work which ideas and information were developed by you and which were taken from others. You cannot provide your assessment work to others. You are also expected to provide evidence of wide and critical reading, usually by using appropriate academic references.
In order to minimise incidents of academic fraud, this course may require that some of its assessment tasks, when submitted to Canvas, are electronically checked through Turnitin. This software allows for text comparisons to be made between your submitted assessment item and all other work to which Turnitin has access.
Assessment: Additional Requirements
Your eligibility for supplementary assessment in a course is dependent of the following conditions applying: The final mark is in the percentage range 47% to 49.4% The course is graded using the Standard Grading scale You have not failed an assessment task in the course due to academic misconduct
Assessment: Submission penalties
Late submission of assessment tasks may be penalised at the following maximum rate: - 5% (of the assessment task's identified value) per day for the first two days from the date identified as the due date for the assessment task. - 10% (of the assessment task's identified value) for the third day - 20% (of the assessment task's identified value) for the fourth day and subsequent days up to and including seven days from the date identified as the due date for the assessment task. - A result of zero is awarded for an assessment task submitted after seven days from the date identified as the due date for the assessment task. Weekdays and weekends are included in the calculation of days late. To request an extension you must contact your course coordinator to negotiate an outcome.
SafeUniSC
UniSC is committed to a culture of respect and providing a safe and supportive environment for all members of our community. For immediate assistance on campus contact SafeUniSC by phone: 07 5430 1168 or using the SafeZone app. For general enquires contact the SafeUniSC team by phone 07 5456 3864 or email safe@usc.edu.au.
The SafeUniSC Specialist Service is a Student Wellbeing service that provides free and confidential support to students who may have experienced or observed behaviour that could cause fear, offence or trauma. To contact the service call 07 5430 1226 or email studentwellbeing@usc.edu.au.
Study help
For help with course-specific advice, for example what information to include in your assessment, you should first contact your tutor, then your course coordinator, if needed.
If you require additional assistance, the Learning Advisers are trained professionals who are ready to help you develop a wide range of academic skills. Visit the Learning Advisers web page for more information, or contact Student Central for further assistance: +61 7 5430 2890 or studentcentral@usc.edu.au.
Wellbeing Services
Student Wellbeing provide free and confidential counselling on a wide range of personal, academic, social and psychological matters, to foster positive mental health and wellbeing for your academic success.
To book a confidential appointment go to Student Hub, email studentwellbeing@usc.edu.au or call 07 5430 1226.
AccessAbility Services
Ability Advisers ensure equal access to all aspects of university life. If your studies are affected by a disability, learning disorder mental health issue, injury or illness, or you are a primary carer for someone with a disability or who is considered frail and aged, AccessAbility Services can provide access to appropriate reasonable adjustments and practical advice about the support and facilities available to you throughout the University.
To book a confidential appointment go to Student Hub, email AccessAbility@usc.edu.au or call 07 5430 2890.
Links to relevant University policy and procedures
For more information on Academic Learning & Teaching categories including:
- Assessment: Courses and Coursework Programs
- Review of Assessment and Final Grades
- Supplementary Assessment
- Central Examinations
- Deferred Examinations
- Student Conduct
- Students with a Disability
For more information, visit https://www.usc.edu.au/explore/policies-and-procedures#academic-learning-and-teaching
Student Charter
UniSC is committed to excellence in teaching, research and engagement in an environment that is inclusive, inspiring, safe and respectful. The Student Charter sets out what students can expect from the University, and what in turn is expected of students, to achieve these outcomes.
General Enquiries
-
In person:
- UniSC Sunshine Coast - Student Central, Ground Floor, Building C, 90 Sippy Downs Drive, Sippy Downs
- UniSC Moreton Bay - Service Centre, Ground Floor, Foundation Building, Gympie Road, Petrie
- UniSC SouthBank - Student Central, Building A4 (SW1), 52 Merivale Street, South Brisbane
- UniSC Gympie - Student Central, 71 Cartwright Road, Gympie
- UniSC Fraser Coast - Student Central, Student Central, Building A, 161 Old Maryborough Rd, Hervey Bay
- UniSC Caboolture - Student Central, Level 1 Building J, Cnr Manley and Tallon Street, Caboolture
- Tel:+61 7 5430 2890
- Email:studentcentral@usc.edu.au