Network forensics involves the identification, preservation, and analysis of evidence of attacks in order to identify the attackers and document their activity with sufficient reliability to justify appropriate technological, business, and legal responses. This course, however, focuses only on the technological components of the topic, not the legal ones. The emphasis is on network traffic analysis, not on the host aspect. The technical material covers analysis of intruder types and the intrusion process, review of network traffic logs (pcap, flow records) and profiles and their types, identification of attack signatures and fingerprints, application of data mining techniques, study of various traceback methods, and the extraction of information (e.g. from malware, including botnet traffic) acquired through the use of network analysis tools and techniques. The class will not only cover these subjects in theory but will also provide students with extensive hands-on experience. The class will involve a fair amount of programming.