Host forensics involves the identification, preservation, and analysis of evidence of attacks in order to identify the attackers and document their activity with sufficient reliability to justify appropriate technological, business, and legal responses. This course focuses on the technological and not on the legal components of the topic. The emphasis is on the host aspect, not on the network aspect. The technical aspect addresses analysis of intruder types and the intrusion process, review of attacks and their types, identification of attack signatures and fingerprints, application of data mining techniques, study of varied discovery methods including reverse engineering, and the extraction of information from hard disks and devices. The class will not only cover the subjects in theory but also provide students with extensive hands-on experience. The class will involve a fair amount of programming.
Schaefer School of Engineering & Science
Research & Education
Ph.D., Computer Science, Vrije Universiteit Amsterdam, The Netherlands, 2010
M.Sc., Computer Science, Leiden University, The Netherlands, 2005
B.Sc., Computer Science, University of Crete, Greece, 2002