CPRE536 · Computer & Network Forensics

Digital Forensics — evidence & analysis.

Investigated digital evidence collection, preservation, and analysis techniques for incident response, applying forensic tools to reconstruct attack timelines and prepare court-ready reports.

What I learned.

CPRE536 introduces the fundamentals of computer and network forensics, including forensic duplication and analysis, network surveillance, intrusion detection and response, incident response workflows, and privacy protection techniques. The course also covers cyber law, policy, and communicating findings through court-ready reports and testimony.

Key topics.

Forensic Duplication
Practised forensic imaging and chain-of-custody procedures to ensure evidence integrity for legal proceedings.
Network Surveillance
Captured and analysed network traffic to detect intrusions, reconstruct attack timelines, and identify compromised systems.
Incident Response
Followed structured incident response workflows — identification, containment, eradication, recovery, and lessons learned.
Cyber Law & Policy
Studied legal frameworks governing digital evidence, privacy protections, and the admissibility of forensic findings in court.

Hands-on work.

Labs emphasised practical experience with standard forensic tools and methodologies. I worked with tools such as FTK and EnCase for disk imaging, evidence analysis, and timeline creation. Exercises also included network packet capture and analysis, intrusion detection signatures, and preparing professional reports suitable for legal contexts.

FTK · EnCase · Disk Imaging · Wireshark · Intrusion Detection · Incident Response · Chain of Custody