CS565 Digital Forensics and Incident Response
This course provides a comprehensive introduction to digital forensics and incident response (DFIR), equipping students with the knowledge and practical skills to investigate, analyze, and respond to cyber incidents. Students will learn how to collect, preserve, and analyze digital evidence across a variety of platforms, while adhering to legal and ethical standards. The course covers the lifecycle of incident response, from detection and containment to recovery and post-incident analysis, and prepares students to operate in both proactive and reactive roles within security operations. Topics include, but are not limited to, digital evidence handling, file system forensics (NTFS, FAT, EXT) and disk imaging, memory and volatile data analysis, log file analysis and event correlation, network forensics and packet inspection, malware analysis fundamentals, incident response frameworks (e.g., NIST, SANS), and indicators of compromise (IOCs).