Introduction to Security and Network Forensics

[New Web-based material] The content for the units is here:

1. Introduction to Security - [Unit 1]
2. Principles of IDS - [Unit 2]
3. Principles of Encryption [Unit 3].
Additional: Principles of Software Encryption [Link]
4. Principles of Authentication [Unit 4].
5. Software Security [Unit 5].
6. Network Security [Unit 6].
Additional: Principles of Wireless Security [Watch Lecture].
Additional: Principles of Digital Forensics [Link Pt1] [Link Pt2 - Network Forensics].
7. Introduction to Risk [Unit 7].
8. Threats [Unit 8]
9. Network Forensics [Unit 9].
Additional: Live Forensics [Watch Lecture].
10. Obfuscation and Data Hiding [Unit 10].
11. Web Infrastructures [Unit 11].
12. Cloud Computing [Unit 12].

The book includes labs to build a basic toolkit [here].

Bill's Home Page [here]

Podcasts

Podcast (iPhone/iPad): Part 1
Podcast (iPhone/iPad): Part 2

Associated software

Advanced Toolkit: Toolkit.
- Demo: [SQL demo]
Download WinPCap.
Download Snort.

Stand-alone lectures

Introduction to Security [Download standalone version].
Principles of IDS [Download standalone version].
Principles of Encryption [Download standalone version].
Principles of Authentication [Download standalone version].
Software Security [Software Security standalone].
Network Security [Network Security standalone].
Forensic Computing [Forensic Computing standalone]

Associated Labs

PDF. [.NET] Lab 1: Reading from network adaptor. Lab
PDF. [.NET] Lab 2: Data packet capture (filtering). Lab.
PDF. [.NET] Lab 3: Data packet capture (filters: IP, TCP, and so on). Lab.
PDF. [.NET] Lab 4: ARP Detection.
PDF. [.NET] Lab 5: Calling Snort. Lab.
PDF. [.NET] Lab 6: Using Snort to Detect Attacks. Lab.
PDF. [.NET] Lab 7: Private-key Encryption.
PDF. [.NET] Lab 8: Public-key Encryption.
PDF. [.NET] Lab 9: Log/Events.
PDF. [.NET] Lab 10: TCP Forensics.
PDF. [.NET] Lab 11: Binary Reader/File Signature Analysis.
PDF. [.NET] Lab 12: Role-based security.
PDF. Lab: PGP Encryption.

Sample Coursework (Network Forensics)

A company (MyComp) has had a security breach where it is alleged that there has been illegal file sharing on the corporate server. The company has managed to get a virtual image of the computer, which contains traces of evidence that could be used for the investigation. It is thus your objective to investigate the virtual image, and produce a fair and unbiased report on the finds. You will be provided with a DVD of the image. The trace is in virtual image, but can also be downloaded from:

http://www.soc.napier.ac.uk/~bill/cw_capture.rar

Test 1 Sample

[My study guide]. New: [Study methods]
Sample test. [Alt].
Spreadsheet checker for inferred marks [Here].

Study areas: [Here].
Practice test: [Here].
Millionaire test: [Here]. Make a million (some of the questions might not appear in the right way - and will overflow the text boxes).