UNIVERSITY OF MADRAS
CENTRE FOR CYBER FORENSICS & INFORMATION SECURITY
Duration 2 years
Programme Outcomes
5. Ability to come up with risk assessment and vulnerability assessment for
securing the information in an organization.
7. Understanding the various threats like viruses, worms, etc., and
analyzing malware with various Cyber Threat Intelligence tools.
M. Sc. Cyber Forensics & Information Security
List of Courses:
Semester | Course Code | Title of the Course | Core/Elective/Soft Skill | Credits
III | SSS C 214 | Practical (E-Mail & Mobile Forensics) | Core Paper-XIV | 3
III | SSS E 205 | Embedded System and Security and Forensics | Elective Paper-V | 3
III | SSS E 206 | PCI, PoS and ATM Security | Elective Paper-VI | 3
IV | SSS C 216 | Malware Analysis and Cyber Threat Intelligence | Core Paper-XVI | 4
Units
I. Principles and Concepts of Cyber Criminology
Crime, Tort & Misdemeanor - Cyber Space, Cyber Crime & Cyber Criminology - Information
Security - Conventional crimes vs Cyber Crimes.
II. Contemporary Forms of Crimes
White Collar Crimes - Economic Offences - Organized Crimes – Terrorism - Crime and Media
and other contemporary forms of crimes.
III. Psychology of Cyber Criminals
Types of Cyber Criminals - Modus Operandi of Cyber Criminals - Profiling of Cyber Criminals
- Tools and Techniques adopted by Cyber Criminals - Psychological theories relating to cyber
criminals.
IV. Criminal Justice System
Cyber Crime – Sociological and Criminological Perspectives - Causes of Cyber Crimes -
Criminological Theories and Cyber Crime - Routine Activity Theory, Social Learning Theory -
Differential Association Theory, Differential Opportunity Theory
V. Criminal Justice Administration and Cyber Crimes
Police - Organizational structure of Police in India - Different wings in the States and Districts
and their functions - Police & Law Enforcement - F.I.R. - Cognizable and non-cognizable
offences - Bail-able and non-Bail-able offences – Arrest – Search – Seizure - Interrogation of
suspects and witnesses - Charge sheet - Cybercrime cells - Structure & investigation of cybercrime
cases.
Judiciary - Different types of courts – Cyber Appellate Court / Tribunals - Powers – Proceedings
in the court before trial, after trial - Plea of guilty - Sentencing.
The Role of N.G.O.s in the Prevention of Cyber Crimes - The Role of Victims of Cyber Crimes
in the Criminal Justice Administration
Crime Prevention - Crime and sense of security - Social control and crime prevention -
Community and crime prevention - Contemporary crime prevention strategies.
References
1. Goodman, S., & Sofaer, A. (ed.) (2002). The Transnational Dimensions of
cybercrime. Washington: Hoover Institution Press.
2. Reyes, A. (2007). Cybercrime investigations bridging the gaps between security
professionals, law enforcement and prosecutors. Rockland, MA: Syngress Pub.
3. Owens, C. L. (1997). Computer crimes and computer related or facilitated crimes. Federal
Bureau of Investigation.
4. Walker, C. (1998). Crime, criminal justice and the Internet. London: Sweet & Maxwell.
5. Swanson, Charles, R. (1983). Police administration: Structure, processes and behaviour.
New York: MacMillan Publishing Co., Inc.
6. Diaz, S. M. (1976). New dimensions to the police role and functions in India. Hyderabad:
National Police Academy.
7. Gautam, D. N. (1993). The Indian police: A study in fundamentals. New Delhi: Mittal
Publications.
8. Mathur, K. M. (1994). Indian police: Role and challenges. New Delhi: Gyan
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S S S S S M M M M M
CO 2 S S S S M M M M L L
CO 3 S S S M S L M M M L
CO 4 S S S S S S S M M M
CO 5 S S S S M S M M M M
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
3. Describe how the CPU processes data and instructions and controls the operation of
all other devices.
Units
I. Computer Hardware Basics
Basics of Motherboard including CMOS and BIOS - Working of processors and types of
processors - System memory - Introduction to RAM - System storage devices: Types of hard
disks - FAT, NTFS, RAID etc., Optical drives, Removable storage devices, Tape drives and
backup systems - Common computer ports – Serial – Parallel - USB ports etc. - Different input
systems - Key Board - Mouse etc. - Display arrays – VGA – SVGA – AGP - Additional display
cards - Monitors and their types - Printers and their types.
II. Operating Systems
Operating system basics: Functions of operating system, Functions of Client Operating System,
Functions of Server operating system - Introduction to Command line operation - Basics on
files and directories - Details about system files and boot process - Introduction to device
drivers
III. Computer Principles and a Black Box Model of the PC
Memory and processor - Address and data buses - Stored program concept - Physical
components of the PC and how they fit together and interact - Basic electrical safety -
Motherboards and the design of the PC - Dismantling and re-building PCs - Power On Self Test
and boot sequence: Architecture of real mode, Interrupts, Start of boot sequence, Power On
Self Test (POST)
IV. Introduction to Networking
What is networking? - Need for computer networks - Network Topologies - Types of networks
- Hardware needed for setting up simple LAN - Wireless networks and inter-connecting LANs
and WAN - Communication media - Network topologies and access methods - IEEE 802 series
standards - Wireless technology: Spread spectrum, WAP and WML - Access points, Service
Set ID (SSID), Authentication methods (OSA, SKA) - Devices used in networking – Hubs –
Switches – Routers - Wireless Access Points etc - Physical connectivity between systems -
Types of Cables: Ethernet, Optical Fiber - Introduction to MAC address - Introduction to IP
address: IPv4, Classes of IP address, Need for subnetting, Basics of IPv6, Introduction to
Unicast, Multicast and Broadcast
V. Routing
Fundamentals of routing - Link State Routing - Distance Vector Routing – RIP – EIGRP –
OSPF - Configuring Routers - Understanding the router architecture - Assigning IP address to
the routers - Configuring routing protocols
VI.
Types of connections – Circuit switched, Packet switched - Why packet switched is preferred
- Types of protocols and need for protocols - Packet switched Protocols - TCP/IP
VII. OSI Layers
Interconnecting disparate systems/networks – issues - Open Systems Interconnect - Seven
layers and their functionality - Introduction to TCP/IP: Origins of TCP/IP and evolution of
Internet - IP Layers Vs OSI - IP number concepts - Network address - Classes of Networks -
Subnet masking - Static and dynamic IP numbers – UDP - Establishing a TCP session (Three
way handshake) - Name to address translation - Domain Name System
VIII. Enterprise Networking
Configuring Server for enterprise networking - Introduction to Domains and Work groups -
Understanding DNS and configuring DNS - Introduction to ADS (Active Directory Service) -
File sharing within network - Understanding DHCP - Introduction to Mail Exchange server and
ISA server - Network operating system - Client Server applications - Peer to Peer Applications
- Measuring performance - Monitoring tools.
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S S S S S S
CO 2 L L L M S S S S S S
CO 3 M L M M S S S S S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Units
I. Overview of Information Security
What is Information and why should we protect it? - Information Security: Threats, Frauds,
Thefts, Malicious Hackers, Malicious Code, Denial of Services Attacks, Social Engineering -
Vulnerability – Risk: Risk definition, Types Risk – an introduction Business Requirements
Information Security - Definitions Security Policies: Tier1 (Origination Level), Tier2 (Function
Level), Tier3 (Application/Device Level), Procedures, Standards, Guidelines
Information Asset Classification
IV. Access Control
User Identity and Access Management - Account Authorization - Access and Privilege
Management System - Network Access Control - Operating Systems Access Controls -
Monitoring Systems Access Controls - Intrusion Detection System Event Logging –
Cryptography
V. Physical Security
Identify Security Issues to Assets and Protection mechanism: Security aspects – Security of
man, material, Information such as file, Commercial formula & technical information,
Design, sketches, models, cassettes etc., Information security, Computer hardware, software
and liveware security, Computer based financial frauds and computer viruses and worms,
Current and future danger posing corporate executives. - Perimeter Security - Fire Prevention
and Detection - Safe Disposal of Physical Assets - Security devices: Access Control System –
Identity, screening, movement control, computer security systems; Security alarm systems,
Fire alarm systems – Fire prevention and precautions, protective equipment; Deployment of
Dog squad, Emergency preparedness plan, Security guards – Duties and responsibilities -
Modern Sophisticated equipment.
Emerging Technologies
Internet of Things: Overview of IoT - Key Features of IoT - IoT Architecture - Impact of
IoT on Business - Examples of IoT - Advantages and Disadvantages of IoT - IoT Hardware:
IoT Sensors, Wearable Electronics, Standard Devices - IoT Software - IoT technology and
Protocols - IoT Common Issues - IoT applications Domains - IoT Liability - IoT Security and
Threats: Mitigation
Blockchain - Introducing Blockchain - Public Vs. Private Blockchains - Data storage: What
is a Blockchain - Data Distribution: How is new data communicated? - Consensus: How do
you resolve conflicts? - Write Access: How do you control who can control your data? -
Defence: How do you make it hard for hackers? - Incentives: How do you pay validators?
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S S S S S S
CO 2 L L M M S S S S S S
CO 3 M S M M S S S M S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Course Outcomes
1. Handle the crime scene and implement the best practices to find the cybercriminal.
2. Collect and analyse the evidence from various operating systems and network devices.
3. Get the legal context in handling the evidences of cybercrime.
4. Practically know the workflow of the forensics analysis.
5. Understanding various cybercrimes and case studies related to it.
Units
I. Digital Investigation
Digital Evidence and Computer Crime - History and Terminology of Computer Crime
Investigation - Technology and Law - The Investigative Process - Investigative Reconstruction
- Modus Operandi, Motive and Technology - Digital Evidence in the Courtroom.
II. Understanding information
Methods of storing data: number systems, character codes, record structures, file formats and
file signatures - Word processing and graphic file formats - Structure and Analysis of Optical
Media Disk Formats - Recognition of file formats and internal buffers used by the most
common CD and DVD writing applications - Extraction of forensic artifacts with a view to
establishing possible provenance of a CD or DVD
III. Computer Basics for Digital Investigators
Computer Forensic Fundamentals - Applying Forensic Science to computers - Computer
Forensic Services - Benefits of Professional Forensic Methodology - Steps taken by computer
forensic specialists.
IV. Types of Computer Forensics Tools and Technology
Tools and Types of Military Computer Forensics Technology - Tools and Types of Law
Enforcement Computer Forensic Technology - Tools and Types of Business Computer
Forensic Technology
VI.
Unix System Forensics: Introduction to UNIX - Boot Process, Forensic Duplication, File
System, User Accounts, System Configuration, Artifacts of user activities, Internet
communication, Cache - Macintosh Systems forensics: Introduction, Imaging and File system,
Property Lists, User Accounts, Applications, System Forensics, User Folders, User Folders:
Media Files, User Folders Application
VII. Digital Evidence collection
Why Collect Evidence? - Collections Options – Obstacles - Types of Evidence - The rules of
Evidence - Volatile Evidence - General Procedure - Collections and Archiving - Methods of
Collection – Artifacts Collection Steps - Controlling Contamination - The Chain of custody.
VIII. Electronic Discovery
Introduction to Electronic Discovery - Legal Context - Case management - Identification of
Electronic Data - Forensic Preservation of Data - Data Processing - Production of electronic data
- Case studies
IX. Network Forensics
Introduction - Overview of Enterprise Network - Overview of protocols - Evidence
preservation on networks - Collecting and interpreting network device configuration - Forensic
examination of network traffic - Network correlation
X. Building a forensically sound workflow
Choices: tools and approach - Forensic issues within the workflow including repeatability and
validity - Managing and preserving evidence - Other examination options - Review other
workflow tools and options and the circumstances in which they are useful.
References
1. Computer Forensics: Cyber Criminals, Laws and Evidence by Marie-Helen Maras, 1st edition,
Jones and Bartlett Publishers, 1 February 2011
2. Computer Forensics, Computer Crime Scene Investigation by John R. Vacca, 2nd Edition,
Charles River Media Publication, 15 June 2002
3. Handbook of Digital Forensics by Eoghan Casey, 2010, Elsevier
4. NIST guidelines on digital forensic processes
5. Cyber Forensics: A field manual for collecting, Examining, preserving evidence of computer
crimes by Albert Marcella, Jr., Doug Menendez, Second Edition, CRC Press 2007
6. Guide to Computer Forensics and Investigations, Processing Digital Evidence by Bill Nelson,
Amelia Phillips, Christopher Steuart, 4th edition, Delmar Cengage Learning, 28 Oct 2009
7. Digital Forensics for Legal Professionals - Understanding Digital Evidence from the Warrant to
the Courtroom by Larry Daniel, Lars Daniel, 1st edition, Syngress, 14 October 2011
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S S S S S M M M M M
CO 2 S S S S M M M M L L
CO 3 S S S M S L M M M L
CO 4 S S S S S S S M M M
CO 5 S S S S M S M M M M
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Course Outcomes
1. Gain experience in utilizing the Wireshark tool for packet sniffing and analysis.
2. Able to understand and have hands on experience in utilizing open source forensic tools.
3. To gain practical knowledge on Image hiding and recovery using Steganography tools,
Metadata analysis using EXIF viewer - Image (jpg) and Video (MP4) and Time analysis
using Decode and Time Lord
4. To obtain experience in the process of Digital Forensics through Forensic Imaging using
a Write-blocker, Forensic Duplicator, Mounting Disk Images, Examination with
Autopsy and FTK.
5. Ability to handle the Digital Evidence
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1
CO 2
CO 3
CO 4
CO 5
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
1. Identify the organization's vulnerability to fraud and detect the countermeasures to these
occurrences.
2. Improvise the security in IT and Telecom Sectors.
3. Enhance the use of technology and data analytics to mitigate fraud and misconduct risks
4. Evaluate the effectiveness of compliance program.
5. Preserve and create value from corporate governance and compliance programs
6. Acquiring the conceptual idea on frauds happening in the IT and Telecom Sectors.
Units
I. Introduction to BFSI
Banking: Introduction & Concept - Types of banks: RBI, Commercial, Cooperative, Regional
and Rural, Development banks, Small banks, Payment banks etc - Banking Regulations Act
1949 with specific reference to sec 5(c) - Forms of banking business - Ancillary services like
Trade Finance, Remittances, etc. - Types of deposits and accounts: Demand Deposits and types
- Current account and Savings account - Other savings account – salient features and benefits -
Kiddy bank, Daily Deposit Collection, Insurance linked Accounts, Jan Dhan account etc: Term
Deposits and types - Fixed Deposits, Recurring Deposits, Cumulative Deposits & Flexi
Deposits etc. - Loans and Advances: Demand Loan, Term Loan, Over Drafts & cash Credits,
Trade Finance, Bill purchase & Discount - Core Banking Solution – Salient features,
advantages and Risks - E-Banking services like – NEFT, RTGS, IMPS, UPI, USSD, E wallets -
Features and risks - Introduction to ATM Networks and how ATM services are managed
II. Banking Regulations and Basel Accord
Need for Banking Regulations - Basel Committee - Basel Capital Accord (BASEL I) - Salient
features and shortcomings - Basel II Accord: Three Pillar Concepts, Core Capital &
Supplementary Capital - Risks and categories of risk: Credit Risk, Market Risk, Operational
Risk, Capital Adequacy Risk, Risk Adjusted Asset, Risk Weighted Asset
III. Frauds in BFSI
Definition of a fraud in banking and financial sector - Categories of fraud: Account related
fraud, Cheque related fraud, Advance related fraud, Alternate channel frauds - Internet Banking
related - Social Engineering, Phishing tactics - Some common frauds with ATMs: Frauds by
banking employees, Account related frauds - Input & output manipulation, User rights
escalation methods - Reporting of frauds - Frauds in insurance sector: Policy holder & claims
fraud, Intermediary fraud, Assessment related frauds - IRDA – Introduction, functions and
responsibilities
IV. Money Laundering and Anti Money Laundering
Money laundering Definition: Common factors in money laundering - Stages of money
laundering: Placement, Layering, Structuring, Integration - Money Laundering Reporting
Officer (MLRO): The duties and responsibilities of the - The role of the MLRO, Generating
management information, Common MLRO problems
Recognition, handling and reporting transactions: The legal obligation to report - Designing
an effective internal reporting system - The MLRO’s evaluation process
Post-reporting considerations
Handling the risk of committing the tipping off offence - Constructive trusteeship - Responding
to discovery and enforcement orders - Terminating relationships - Subsequent client review
techniques - Secure record retention - Dealing with the authorities - Customer Due Diligence
and Risk Profiling - Understanding anti-money laundering tools and strategies in Banks
Security Controls typically available and Case studies
Log of User activities in the application - Logging exceptional events - Audit tools to analyze
data for exceptions - Change management procedures - Internal data consistency checks
Anti-money laundering and legal frameworks
International and regional bodies - International initiatives - Terrorist financing - The US Patriot
Act - The UK Model – The Jersey Strategy on Terrorist funding and money laundering -
National anti money laundering frameworks - PMLA 2002 - Objectives and salient features -
Financial Intelligence Unit India (FIU-IND) - Financial Action Task Force (FATF) -
Enforcement Directorate - Serious Fraud Investigation Office (SFIO) - KYC
References
1. Gaur, K. D. (1987). Taxation, black money and the law. New Delhi: Deep & Deep
Publications.
2. Insurance Act, 1938.
3. Pitchandi N., & Sivamurthy A. (eds.). Prevention and detection of crimes in banks.
Madras: Institute of Criminological Research, Education & Services.
4. Reserve Bank of India (2009). Fraud risk management systems in banks – Role of
Chairman/Chief Executive Officers.
5. Reserve Bank of India (2011). Frauds: Classification and reporting. RBI/2011-12/74,
dated July 01, 2011.
6. Reserve Bank of India (2013). Master circular: Know Your Customer (KYC) norms/
Anti-Money Laundering (AML) Standards/Combating of financing of terrorism
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 L M L M S S S S S S
CO 2 L L M M S S S S S S
CO 3 M S M S S S S M S S
CO 4 M M L M S S S S M M
CO 5 L L L S S M S S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Units
I. Fundamentals of Cyber Law
Introduction on cyber space - Jurisprudence of Cyber Law - Scope of Cyber Law - Cyber law
in India with special reference to Information Technology Act, 2000 (as amended) and
Information Technology Act, 2008.
II. E-Governance and E-Commerce
Electronic Governance - Procedures in India - Essentials & System of Digital Signatures - The
Role and Function of Certifying Authorities - Digital contracts - UNCITRAL Model law on
Electronic Commerce - Cryptography – Encryption and decryption
III. Cyber Crimes Investigation
Investigation related issues - Issues relating to Jurisdiction - Relevant provisions under
Information Technology Act, Evidence Act - Indian Penal Code - Cyber forensics - Case studies
Trademark, IPR and Patent laws
Definitions and concepts
Intellectual Property Rights: Concept of IPR - Global Scenario with Case Laws - IPR
infringements - Secrecy and Confidentiality in IPR - Civil and Criminal liabilities in IPR -
International Applications and its advantages - Important international conventions and
Treaties: Paris Industrial Property, Berne convention literary and artistic work, WIPO copyright
Treaty, ROME Convention for protection of Performers, producers and broadcasting
organization, TRIPS Agreement on Trade related aspects of IPR, Brussels satellite convention
- IPR and Criminal Jurisprudence
Patent Law: Basics - Conditions of Patentability - WIPO Patent Co-operation Treaty - Geneva
convention on Patent Law - Software and Business Method Patents - Indian Patent Act -
Infringement - Defenses
References
1. Raman Mittal. (2004). Legal Dimension on Cyber Space, Indian Law Institute, New
Delhi
2. Anupa P Kumar. (2009). Cyber Law, Volume 1. Create space Independent Publishers
3. Vakul Sharma. (2017). Information Technology - Law and Practice. 5th Edition,
Universal Law Publishing, New Delhi
4. Laws on Cyber Crime: P.K. Singh (2007), Book Enclave Jaipur, Page 131
5. Dr. Gupta & Agrawal. (2016). Cyber Laws. Premier Publishing Company
6. Seth Karnika. (2013). Computers Internet and New Technology Law
7. Cyber law by Nandan Kamath, Fifth Edition, Universal Law Publication, 01 Jan 2012
8. Intellectual property by Robert P Merges, 3rd Edition, Aspen Publication, 2003
9. Computers, Technology and the new internet laws by Karnika Seth, Updated
Edition, LexisNexis Publication, 01 Jan 2013
10. Legal dimensions of cyber space by S.K. Verma, Volume 1, Ashgate Publication, 01
Jan 2001
11. Law relating to patents, trademarks, copyright, design and geographical indications
by Dr. B.L. Wadehra, 5th edition, Universal Law Publication, 2012
12. Law of Intellectual Property by Dr. S.R. Myneni, 6th Edition, Asia Law House
Publication, 01 Jan 2013
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S S S S S S S M M L
CO 2 S S S S S S S S M L
CO 3 S S S S S M M M L L
CO 4 S S S S M M M M L L
CO 5 S S S S S M M L L L
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S S S S S S
CO 2 L L L M S S S S S S
CO 3 M L M M S S S S S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Windows Forensics
Volatile Data Collection - Memory Dump - System Time - Logged On Users - Open Files -
Network Information (Cached NetBIOS Name Table) - Network Connections - Process
Information - Process-to-Port Mapping - Process Memory - Network Status - Clipboard
Contents - Service / Driver Information - Command History - Mapped Drives – Shares -
Non-Volatile Data Collection: Disk Imaging (External Storage such as USB and Native Hard Disk),
Registry Dump, Event Logs, Devices and Other Information, Files Extraction, Write-Blocking
port - Registry Analysis - Browser Usage - Hibernation File Analysis - Crash Dump Analysis
- File System Analysis - File Metadata and Timestamp Analysis - Event Viewer Log Analysis
- Timeline Creation
II. Linux Forensics
Volatile Data Collection: Date and time information, Operating system version, Network
interfaces, Network connections, Open ports, Programs associated with various ports, Open
Files, Running Processes, Routing Tables, Mounted file systems, Loaded kernel modules,
Users past and present - Non-Volatile Data Collection: Disk Imaging (External Storage such as
USB and Native Hard Disk) - Getting Log Files - Collecting File Hashes - Getting File Metadata
- User Command History - Hardware and Software Write Blocking (udev rules) - Mounting
Images: MBR Partitions, Extended Partitions, GUID Partitions - File System Analysis - Files
Metadata and Timestamp Analysis - Log Analysis - Timeline Creation
III. Mac Forensics
Understanding Macintosh and HFS File System Architecture - Macintosh GPT Structure -
Imaging a Mac - Directory Structure – Finding Evidences - Safari and other browser artefacts
analysis - iChat and Apple Mail analysis
IV. Network Forensics
Understanding Protocols with Wireshark: TCP, UDP, HTTP(S), SSH, Telnet, SMTP, POP /
POP3, IMAP, FTP, SFTP, ARP - Packet Capture using Wireshark, tshark and tcpdump -
Packet Filtering - Extraction of Data from PCAP file - Netflow vs Wireshark - Analysis of logs:
CISCO logs, Apache Logs, IIS Logs, Other System Logs
V. Memory Forensics
History of Memory Forensics - x86/x64 architecture - Data structures - Volatility Framework
& plug-in - Memory acquisition - File Formats – PE/ELF/Mach-O - Processes and process
injection - Windows registry - Command execution and User activity - Networking; sockets,
DNS and Internet history - File system artefacts including $MFT, shell bags, paged memory
and advanced registry artefacts - Related tools – Bulk Extractor and YARA - Time lining
memory - Recovering and tracking user activity - Recovering attacker activity from memory -
Advanced Actor Intrusions
VI. Virtual Machine Forensics
Types of Hypervisors - Hypervisor Files and Formats - Use and Implementation of Virtual Machines in
Forensic Analysis - Use of VMware to establish working version of suspect's machine - Networking
and virtual networks within Virtual Machine - Forensic Analysis of a Virtual Machine: Imaging of a
VM, Identification and Extraction of supporting VM files in the host system, VM Snapshots, Mounting
Image, Searching for evidence
VII. Cloud Forensics
Introduction to Cloud computing - Challenges faced by Law enforcement and government
agencies - Cloud Storage Forensic Framework - Evidence Source Identification and
preservation in the cloud storage - Collection of Evidence from cloud storage services -
Examination and analysis of collected data: Cloud Storage Forensic Analysis, Evidence Source
Identification and Preservation, Collection of evidence from cloud storage devices,
Examination and analysis of collected data - Dropbox analysis: Data remnants on user
machines, Evidence source identification and analysis - Collection of evidence from cloud
storage services, Examination and analysis of collected data - Google Drive: Forensic analysis
of Cloud storage and data remnants, Evidence source identification and analysis - Collection of
evidence from cloud storage services, Examination and analysis of collected data – Issues in
cloud forensics - Case Studies.
References
Windows Registry analysis by Harlan Carvey, 2010
Network Forensics by Ric Messier, 2017
Shagufta Rajguru, Aayush Pathak, Danish K. Chaus, Akshay J. Boramani, “Design of Tool for
Digital Forensics in Virtual Environment”, International Journal of Computer Applications,
Volume 163 – No. 4, April 2017
Computer Forensics: Investigating File and Operating Systems, Wireless Networks, and Storage
(CHFI), 2nd Edition (Computer Hacking Forensic Investigator), EC-Council.
Alomirah, N. (2016). Forensics Analysis of Residual Artefacts Acquired During Normal and
Private Web Browsing Sessions (Doctoral dissertation, Auckland University of Technology).
EC-Council. (2009). Computer Forensics: Investigating Network Intrusions and Cyber Crime:
Cengage Learning.
Girard, J. E. (2013). Criminalistics: Forensic Science, Crime, and Terrorism: Jones & Bartlett
Learning, LLC.
Gogolin, G. (2012). Digital Forensics Explained: CRC Press
Practical Windows Forensics Kindle, Ayman Shaaban, Konstantin Sapronov, PACKT Publishing.
Ligh, M. H., Case, A., Levy, J., & Walters, A. (2014). The art of memory forensics: detecting
malware and threats in Windows, Linux, and Mac memory. John Wiley & Sons
Alam, N. (2009). Survey on hypervisors. Indiana University, Bloomington, School of Informatics
and Computing.
Khangar, S. V., Nagpur, E., & Dharaskar, R. V. (2012). Digital Forensic Investigation for Virtual
Machines. International Journal of Modeling and Optimization, 2(6), 663.
Riaz, H., & Tahir, M. A. (2018, March). Analysis of VMware virtual machine in forensics and
anti-forensics paradigm. In 2018 6th International Symposium on Digital Forensic and Security
(ISDFS) (pp. 1-6). IEEE
Cloud Storage Forensics 1st Edition, by Darren Quick, Ben Martini, and Raymond Choo.
Method of Evaluation:
Sessional I | Sessional II | End Semester Examination | Total | Grade
20 | 20 | 60 | 100 |
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S S S M L L M M M M
CO 2 S S S M M M M L L L
CO 3 S S S S M M M L M S
CO 4 M M M L S S S S M M
CO 5 S S S S M M M L L L
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Units
I. Fundamentals of Information Security Compliance and Standards
COSO – Overview, Objective, Requirements and Target Domains or Industries, COBIT –
Overview, Objective, Requirements and Target Domains or Industries, ITIL – Overview,
Objective, Requirements and Target Domains or Industries, ISO 27001 – Overview, Objective,
Requirements and Target Domains or Industries, ISO 22301 – Overview, Objective,
Requirements and Target Domains or Industries, PCI DSS – Overview, Objective, Requirements
and Target Domains or Industries, HIPAA – Overview, Objective, Requirements and Target
Domains or Industries, HITRUST – Overview, Objective, Requirements and Target Domains
or Industries, SOCR (ISAE and SSAE) – Overview, Objective, Requirements and Target
Domains or Industries, Other Standards and their objectives (NIST etc.)
II. Information Security Auditing and Auditing Methodology
Introduction to Auditing Terminologies (Population, Evidence, Sampling, SLA etc.) - Lifecycle
of an Audit - Legal and Contractual Obligations, Liabilities and Accountability of involved
parties - Control Objectives and Controls - Validating and Verifying Population - Sampling
Methodology - Evidence Validation Methodology – Completeness and Accuracy - Analysing
Observations and provision of weightage - Communication of the findings and Reporting
SDLC concepts - Different SDLC and cost estimation models - Testing: types, methods and
issues - Program coding and security to be built into system - Software maintenance and change
control processes - Configuration management - Software Capability Maturity model (CMM)
IV. Applied Cryptology
Classical Encryption Techniques: Substitution Techniques, Transposition Techniques,
Steganography, Permutation Methods - Confidentiality using conventional encryption -
Placement of Encryption - Traffic Confidentiality - Random Number Generation - Certificate
Authority - Key Management (Transfer, Verification, Usage, Updation, Storage, Backup and
Destruction of Keys): Generating Keys, Key Distribution, Key Lifetime, Compromise of a Key
Scenario - Nonlinear Key spaces - Public-Key Management - Criminal Code Systems Analysis
- Sports Bookmaking Codes - Horse Race Bookmaking Codes - Other Application of
Cryptography: Code Signing, Authentication and Authorisation of a Personnel / Device and
Two Factor Authentication, SSL
Official (ISC)2 Guide to the CISSP CBK by Adam Gordon, Fourth Edition, (ISC)2 Press, 23
April 2015
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M L L S S S S S
CO 2 L L L M S S M S S S
CO 3 L L M L M S S M S S
CO 4 L L L M M M S S S S
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L - Low
Units
I. Fundamentals of Databases
What is a Database? - DBMS - Purpose of DB and Users of DB - Components of DB -
Concepts of RDBMS - Basic SET Concepts (SET, Subset) - Set of Ordered Tuples - Relations
as a DB (Concepts of PK, FK, Surrogate Keys, Composite Keys, Candidate Keys) - Relational
DB Operators (Cartesian Product, Union, Intersect, Difference) - Relational DB Normal Forms
(1NF, 2NF, 3NF) - E-R Model.
II. Database Security Lifecycle
Concept of DB Security Lifecycle - Creating Data Risk Assessment - Analyzing data threats,
risks & vulnerabilities - Need for database security architecture - Implementing feedback
mechanisms - Adjusting policies & practices based on feedback mechanisms using different
security models
III. Database Security
Models: Access Matrix Models, Objects & Subjects, Types of Objects & Subjects, Access
Modes (Static & Dynamic), Access Levels - Issues in Database Security - Database Access
Control - Security Logs and Audit Trails – Encryption - SQL Data Control Language - Security
in Oracle - Statistical Database Security - SQL Injection - Database Security and the Internet
IV. Application Types
Client/Server Applications - Components of Client/Server Applications (Logical & Physical
Architecture) - Web Applications: About Web Applications, Technologies used to create Web
References
1. Garcia-Molina, H. (2008). Database Systems: The Complete Book. India: Pearson Education.
2. Taylor, A. G. (2000). Database Development For Dummies. United Kingdom: Wiley.
3. Zgola, M., Basta, A. (2011). Database Security. United States: Cengage Learning.
4. Castano, S., Fugini, M. G., Martella, G. (1995). Database Security. United Kingdom: ACM
Press.
5. Thuraisingham, B. (2005). Database and Applications Security: Integrating Information
Security and Data Management. United Kingdom: CRC Press.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M L L S S S S S
CO 2 L L L M S S S S S S
CO 3 L L M L M S S S M S
CO 4 L L L M M M S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
1. Ability to identify the security issues in the network and resolve them.
2. Analyze the vulnerabilities in any computer system and be able to design a security solution.
3. Acquire the knowledge of advanced security issues and technologies.
4. Demonstrate various network security applications: IPsec, Firewall, IDS, Web Security,
Email Security, Malicious software etc.
5. Evaluate security mechanisms using rigorous approaches by key ciphers and Hash
functions.
VPN and its types - Tunnelling Protocols - Tunnel and Transport Mode - Generic Routing
Encapsulation (GRE)
V. MPLS and MPLS VPN
WAN Topologies - Standard IP based Switching - CEF based Multi-Layer switching - MPLS
Characteristics - Frame Mode MPLS Operation - MPLS VPN.
VI. Securing Wireless Networks
Overview of Wireless security - Scanning and Enumerating 802.11 Networks - Attacking
802.11 Networks - Attacking WPA protected 802.11 Networks – Bluetooth - Scanning and
Reconnaissance - Bluetooth Eavesdropping - Attacking and Exploiting - Bluetooth and Zigbee
Security - Zigbee Attacks
VII. Ad-hoc Network Security
Security in Ad Hoc Wireless Networks - Network Security Requirements - Issues and
Challenges in Security Provisioning - Network Security Attacks - Key Management in Ad-hoc
Wireless Networks - Secure Routing in Ad-hoc Wireless Networks
VIII. RFID Security
Introduction - RFID Security and privacy - RFID chips Techniques and Protocols - RFID
anti-counterfeiting - Man-in-the-middle attacks on RFID systems - Digital Signature – Transponder
- Combining Physics and Cryptography to Enhance Privacy in RFID Systems - Scalability
Issues in Large-Scale Applications - An Efficient and Secure RFID Security Method with
Ownership Transfer - Policy-based Dynamic Privacy Protection Framework leveraging
Globally Mobile RFIDs - User-Centric Security for RFID based Distributed Systems -
Optimizing RFID protocols for Low Information Leakage - RFID: an anti-counterfeiting tool.
References
1. Network Protocols Handbook (2nd Edition), Javvin Technologies Inc, 2004.
2. Cryptography and Network Security: Principles and Practice (6th Edition), William Stallings,
Prentice Hall Press, 2013.
3. CompTIA Security+ Guide to Network Security Fundamentals (6th Edition), Mark Ciampa,
CENGAGE, 2017.
4. Network Security Assessment (2nd Edition), Chris McNab, O’REILLY, 2008.
5. Official (ISC)2 Guide to the CISSP CBK by Adam Gordon, Fourth Edition, (ISC)2 Press, 23
April 2015
6. CISSP All-in-One Exam Guide by Shon Harris and Fernando Maymi, 7th Edition, McGraw-
Hill Education, 1 June 2016
7. Information Security Management handbook, 6th Edition, Harold F Tipton, Micki Krause,
Auerbach Publications, 5 April 2012
8. The CISSP Prep Guide: Gold Edition by Ronald L. Krutz, Russel Dean Vines, Gold Edition,
Wiley Publication, 31 Oct 2002
9. Certified Information Systems Security Professional, Study Guide by Ed Tittel, Mike Chapple,
James Michael Stewart, 6th Edition, Sybex Publication, 06 July 2012
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M L L S S S S S
CO 2 L L L M S S S S S S
CO 3 L L M L M S S S M S
CO 4 L L L M M M S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
1. Able to understand and have hands-on experience in the carving of deleted content,
tracking web browser history, identifying files accessed.
2. Able to understand and have hands-on experience in acquisition and analysis of a phone,
acquisition and analysis of volatile memory, extraction of chat and other artefacts from
volatile memory.
3. Acquire practical knowledge on volatile memory acquisition.
o Network profile
o USB devices accessed
o Wireless network access
o Cloud access
o Remote Desktop
3. Advanced Cyber Forensics and Extraction of data from Mobile Devices
Gleaning evidence from page file and random-access memory
Identifying and dealing with encryption
Identifying and preserving cloud services
Mobile phone Acquisition methods
4. Network Forensics
Protocol Analysis using Wireshark
o ICMP
o IP
o TCP
o DNS
o FTP
o Other Protocols
Gmail Header analysis
Active Directory (Demo)
NMap
Log analysis
authentication logs
o Windows logs
System logs
Application logs
Security logs
Firewall logs
Network miner
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S S S M L L M M M M
CO 2 S S S M M M M L L L
CO 3 S S S S M M M L M S
CO 4 M M M L S S S S M M
CO 5 S S S S M M M L L L
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Introduction to Privacy
Data Protection & Privacy Terminologies - Data Protection Principles and Approaches to
Privacy - Code for protection of Personal Information - Information Life Cycle - Data
Security Threats and Mitigation - Data Storage Security Issues in Cloud Computing
II. Data protection principles and Safeguards
Principle 1 – fair and lawful, Principle 2 – purposes, Principle 3 – adequacy, Principle 4 –
accuracy, Principle 5 – retention, Principle 6 – rights, Principle 7 – security, Principle 8 –
international - Conditions for processing - Subject access request - Damage or distress -
Preventing direct marketing - Automated decision taking - Correcting inaccurate personal
data - Compensation, Exemptions & Complaints - Big data - CCTV & Data sharing - Online
& apps - Privacy by design - Guidance Note on Protecting the confidentiality of Personal Data
- Safeguarding Personal Information: Using Personal Information on Websites and with
Other Internet-related Technologies - Privacy considerations for sensitive online information,
including policies and notices, access, security, authentication identification and data
collection - Data Privacy in online data collection, email, searches, online marketing and
advertising, social media, online assurance, cloud computing and mobile devices.
Information Standards (OASIS), Cloud Security Alliance (CSA) - IOT Governance - IOT
Security & Privacy Issues - IOT Privacy challenges - IOT Privacy solutions
VI. Legal Framework for Data Protection, Security & Privacy norms
Data Protection - Security & Privacy: Privacy and Legal Approaches to privacy protection,
Privacy Principles & Concepts, Privacy Laws – brief facts - Recent International Privacy
issues - Privacy and Self-Regulation - Privacy Codes - Privacy Standards - Privacy in Indian
Context - Existing Privacy laws in India - National Security and Privacy - Data Security
Council of India (DSCI) - Trans-border Data Flow – Outsourcing Environment - Privacy
Debate: Issues - Proposed Privacy Act – DSCI Recommendations - The Future of Privacy
Standards in India - GDPR
References
Data privacy principles and practice – Nataraj Venkataramanan, Ashwin Shriram
Cannon, J.C. Privacy: What Developers and IT Professional Should Know. (Addison
Wesley, 2004)
Cranor, Lorrie Faith. I Didn't Buy it for Myself, in Clare-Marie Karat, Jan O. Blom, and
John Karat (ed.), Designing Personalized User Experiences in eCommerce. Kluwer
Academic Publishers. 2004.
Microsoft Corporation. Privacy Guidelines for Developing Software Products and Services
(Microsoft, 2007)
Data Security Council of India, Data Certified Privacy Lead Assessor Course Material
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L L L S S S S S
CO 2 L L L M S S S S S S
CO 3 M L M L M S S S S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Introduction to Python
Python History and Evolution - Need for Python in Information security - Different Versions
and Releases of Python (IronPython, Jython – Python 2.7, Python 3.0) - Python Installation
and Setting up of environment (Linux and Windows) - Setting up of Virtual Environment
(Virtual environment) - Data types: Strings, Numbers, Lists, Dictionaries, Tuples, Set, Boolean
- String Operations and Methods - List Operations - Dictionary Operations - Conditional
Statements: If-Else loop combinations, For Loops, While Loops – Functions - Classes and
Objects – Inheritance – Modules – Packages - Exception Handling
II. System Programming
File Handling: Open, Read, Write, Close, Rename, Delete - Directory Navigation - Process
Creation - Threading and Queuing – Multiprocessing - Signals and IPC - Subprocess
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M L L S S S S S
CO 2 L M L M S S S S S S
CO 3 M L M L M S S S M S
CO 4 M L L M M M S S S S
CO 5 M L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Unit 2 Decision Tree, Bayes Classifier, K nearest neighbor, Support Vector Machine, Kernel
Machine, Clustering, Outlier detection, Sequence mining
Unit 3 Evaluation, Visualization, Case studies
References
1. Introduction to Data Mining, Tan, Steinbach and Vipin Kumar, Pearson
Education, 2016.
2. Data Mining: Concepts and Techniques, Pei, Han and Kamber, Elsevier, 2011.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S S S S S S
CO 2 L L L M M S S S S S
CO 3 M L M M S S M S S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S M S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Fundamentals of E-Mail and Mail Infrastructure
How email works - The role of Mail User Agent - Mail Delivery Agent - Mail Transfer Agent
and DNS servers - An overview of various protocols (SMTP, POP, POP3, IMAP) - SMTP
model including the basic structure as well as the extension model - The SMTP terminology -
SMTP procedures (session initiation, mail transaction, forwarding mail, relaying, mail
gatewaying, support for mailing lists as well as aliases, termination etc.) - Important SMTP
commands including their sequencing as well as the corresponding replies / response codes -
Commands for debugging addresses - SMTP trace information - Address resolution & mail
handling - Problem detection & handling - Security considerations (SPF Records etc.)
III - Tools of trade - Historical anti-spam approaches - Language classification and statistical
filtering anti-spam techniques - Anti-spam solution offerings - Intro to phishing - Email
security issues that aid in phishing - Role of emails in common types of phishing attacks
(impersonation, forwarding and popups) - Anti-phishing solution offerings
IV. E-mail Forensics
Understanding message headers - Forging message headers and identifying forged headers -
General approaches to tracking the email sender - General approaches to inspect attachments -
Spam and steganography - Understanding different formats of Mail Databases and working
(Exchange Server, IBM Lotus Server)
V. Social Network – Privacy and Security
Introduction - Social Network Privacy Policy - Data Collection by Social Media for targeted
advertisements - Phishing and Malware propagation through Social Network – Social Media
based botnet and C&C Servers - Cyber Bullying and Online Harassments (Case Studies –
Objectives, Modus Operandi, Vulnerabilities, Conclusion) - Social Media Analytics, Open
Source Intelligence (OSINT), Social Media Policing: Sentimental / Emotional Analysis and
their Applications (Election, Product and Branding), Stalking, Information Gathering,
Geospatial Social Data mining - Social Media Security and Privacy Settings: Password,
Password recovery settings, Enabling / Disabling Integration of Applications with Social Media
Account, Targeted public of a post, Block, Activity Logging and monitoring, Authorised
Devices, Two factor authentication, Security Breach Notification
VI. Security and Forensics of Mobile & Wireless Devices
Introduction - Types of Mobiles and wireless devices and their functionalities - Proliferation of
Mobile and Wireless Devices - Trends in Mobility, Credit Card Frauds in Mobile and Wireless
Computing - Types and Techniques of Credit Card Frauds - Security Challenges Posed by
Mobile Devices - Registry Settings for Mobile Devices Authentication Service Security -
Mobile phone camera and microphone hacking - On-Screen Keyboard keyloggers -
Cryptographic Security for Mobile Devices - LDAP Security for Hand-Held Mobile Computing
Devices - RAS Security for Mobile Devices - Media Player Control Security - Networking API
Security for Mobile Computing Applications - Attacks on Mobile/Cell Phones - Mobile Phone
Theft - Mobile Viruses - Mishing, Vishing, Smishing - Hacking Bluetooth (Bluesnarf attack)
- Mobile Devices: Security Implications for Organizations - Managing Diversity and
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S S S S M M M L L L
CO 2 S S S M M M M M L L
CO 3 M M M L L S S S S S
CO 4 S S S S M M M L L M
CO 5 L L L M M S S S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Introduction
Overview of Enterprise Infrastructure Integration - Requirement to understand the Enterprise
Infrastructure - Enterprise Infrastructure Architecture and its components
II. Active Directory Infrastructure
Overview of Active Directory (AD) - Kerberos – LDAP - Ticket Granting Ticket (TGT) –
Forest – Domain - Organization Unit (OU) - Site Topology of a Forest - Trust Relationships -
Object – Creation, Modification, Management and Deletion: User, Group, Computer, OU,
Domain - Group Policy (GPO) Management: Structure of GPO, Permissions and Privileges -
GPO Security Settings: Password Settings, Account Lockout Settings, Account Timeout
Settings, USB Enable / Disable Settings, Screen Saver Settings, Audit Logging Settings,
Windows Update Settings, User Restriction Settings - Creation of GPO - Linking a GPO -
Application of GPO: Linking a GPO, Enforcing a GPO, GPO Status - Inclusion / Exclusion
of Users / Groups in a GPO: Precedence of GPO, Loopback Processing of GPO, Fine-Grain
Policy / Fine-Grain Password Policy - Addition of Windows Workstations to Domain and
III Authorisation and Accountability) in Network Devices (Router, Switches, Firewalls etc.), -
Administrative and User Level Privileges: VPN, MPLS, Configuring Internet Connectivity
from ISP, Network Monitoring: Performance, Throughput, Security, Other monitoring
parameters - Understanding and Configuring Access Lists / Traffic Rules in Routers / Firewalls
/ L3 Switches - Understanding Network Device Configuration Report - Best practices of
placement of various network devices across various Network Zones in a Network
Infrastructure - Network Infrastructure Designing - Designing and Understanding a Network
Diagram - Network Device Configuration Backup & Restoration - Network Device Hardening
Guidelines
Agent, Log Collection Server, Threat Monitoring, Rule Configuration, Threat Alert - Physical
Access Control System: Bio-metric / Access Card System Network Integration, Physical
Access Control Server Configuration - CCTV System Integration (IP based and Analog Based)
- Backup Management Server - Storage Management: SAN, NAS, File Server, Share Drive -
Network Management and Maintenance Server (Network Monitoring System) - Bastion / Jump
Servers or Hosts - Secondary Authentication System (RSA Token Server etc.) - HVAC,
Temperature and Smoke Detection Monitoring System Integration - BYOD (Bring Your Own
Device): Integration with Corporate Infrastructure, Security Considerations - Best Practices
VI. Data Centre Disaster Recovery and Backup
Data Centre: Basic Design Practices on construction of Data Centre (From Information Security
standpoint) - Site Selection - Energy use and Electricity Wiring - Floor Planning - Temperature
Control Systems - Fire Protection – Security: Secondary / Backup Data centre Criteria,
Co-location Data centres, Types of Data Centres: Tier-1, Tier-2, Tier-3, Tier-4 - Backup and
Storage Management: Tape Storage and Management, Data Recovery Test, Data Retention
Policy - Corporate Mass Communication Channels (For Broadcast of Disaster Alert / BCP
Invocation to employees and other staff)
References
1. Minoli, D. (2008). Enterprise Architecture A to Z: Frameworks, Business Process Modeling,
SOA, and Infrastructure Technology. Ukraine: CRC Press.
2. Blokdyk, G. (2019). Enterprise Infrastructure Software Spending a Complete Guide - 2019
Edition. (n.p.): Emereo Pty Limited.
3. Blokdyk, G. (2019). Enterprise Infrastructure a Complete Guide - 2019 Edition. (n.p.):
Emereo Pty Limited.
4. Niemann, K. D. (2007). From Enterprise Architecture to IT Governance: Elements of
Effective IT Management. Germany: Vieweg+Teubner Verlag.
5. Hanschke, I. (2009). Strategic IT Management: A Toolkit for Enterprise Architecture
Management. Germany: Springer Berlin Heidelberg.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M M S S S S S
CO 2 L L L M M S S S S S
CO 3 M L M M M S S M S S
CO 4 M M L M M S S S S S
CO 5 L L L S S S S S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Introduction to GRC
Governance, Risk & Compliance definition - Scope and Objectives - IT Governance Metrics
& Framework - BASEL – OECD
II. Best Practices for IT Governance
ITIL - ISO/IEC 27001 - Control Objectives of Information and Related Technology (COBIT)
- The Information Security Management Maturity Model - Capability Maturity Model - Any
other latest standards and compliance technologies.
Information Security Governance
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S S S S S S
CO 2 L L L M S S S S S S
CO 3 M L M M S S S S S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S M S L M S S L L M M
CO 2 S L S L M S S L L L L
CO 3 S M S M M S S M M M M
CO 4 S M S L M S S L L M M
CO 5 M L M L S S M L L L L
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
1. Explore career alternatives prior to graduation and to integrate theory and practice.
2. Assess interests and abilities in their field of study and learn to appreciate work and its
function in the economy.
3. Develop work habits and attitudes necessary for job success.
4. Develop communication, interpersonal and other critical skills in the job interview
process and to build a record of work experience.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S M S L M S S S S M
CO 2 S S S S M S S S S S
CO 3 S M S M M S S M M M
CO 4 S M S S M S S S S M
CO 5 M S M S S S M L S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I. Introduction to Embedded Systems
What is embedded system? - Components of embedded system (Block diagram) - Uses of
embedded system - Function of embedded systems - Different types of embedded systems
(Based on performance and functional requirements): Real time embedded systems, Stand
alone embedded systems, Networked embedded systems, Mobile embedded systems -
Characteristics of Embedded System - Embedded system constraints: General characteristics of
embedded system in the real-time computation of system - How embedded system software
embedded into computer hardware makes a system dedicated to be used for variety of
application - How embedded system used for specific task that provide real-time output on the
basis of various characteristics of an embedded system - Embedded system used for serving
more specific application to perform variety of task using hardware-software intermixing
configuration - How it provides high reliability and real-time computation ability:
Characteristics of Hardware and Software Interfacing in the real world of Embedded Systems
with some of the examples - Advantages of Embedded System: Same hardware can be used in
variety of application, Lesser power requirement, Lower operational cost of system, Provide
high performance and efficiency - Disadvantages of Embedded System: Developing a system
required more time. Due to functional complexity, Skilled engineers required because one
mistake may result in destroying of complete project - Comparison between embedded systems
and general purpose computing.
II. Microprocessors and Microcontrollers
Processor and its type - General Purpose processor (GPP) – Microprocessor – Microcontroller
- Embedded Processor - Digital signal Processor: Application Specific System Processor
(ASSP), Multi Processor System using GPPs - IC technology - Introduction to VLSI -
Programmable logic device (PLD) - Microcontrollers and types of microcontrollers -
Comparison between microprocessor and microcontroller - Applications of an embedded
system: Navigation tools like global positioning system (GPS), Automated teller machines
(ATMs), Networking equipment, Digital video cameras, Mobile phones,
Aerospace applications, Telecom applications, Others.
III. Security in Embedded Systems
Introduction - Need for increased embedded security: Striking an appropriate balance: balance
of business requirements with security, Increasing Complexity and Connectivity,
Cyber-security and information assurance - Attack and threat classification - Guidelines for Improving
Embedded Systems Security: Conduct an end-to-end threat assessment - Complete product life
cycle analysis to be performed - Possible entry paths for attacks into the system to be defined
and described - Risk matrix to be built - Mitigation strategy to be created based on the priority
list - Creation of a design specification that includes security needs based on the previous
assessments: Leverage existing advanced security designs, Select an appropriate run-time
platform, Secure the applications, Adopt comprehensive life cycle support - Practical design
solutions: Enclosure - External interfaces - Tamper mechanism - Emissions & immunity:
Circuit board - Physical access to components - PCB design and routing - Memory devices -
Power supply - Clock and timing - I/O port properties - Cryptographic processors and
algorithms – Firmware: Programming practices, Storing secret components, Run time
diagnostics and failure modes, Field programmability, Obfuscation - Security needs in
embedded systems (Hardware and software security requirements in an embedded device that
are involved in the transfer of secure digital data) - Security needs for data transfer: Data
Encryption, Public-key Key Agreement Algorithm, Digital Signature, Digital Certificate,
Certificate Hierarchy, Examples of Key Agreement algorithm - Security needs within the
device: Secure SoC, Secure ROM, Internal RAM and Secure Processes, Secure Boot-Loader
and Code Signing, Encryption and decryption engine, System Time - Software security issues
in embedded systems
5. Russell, B., Van Duren, D. (2016). Practical Internet of Things Security. United Kingdom:
Packt Publishing.
6. Secure Smart Embedded Devices, Platforms and Applications. (2013). Netherlands: Springer
New York.
7. Mohay, G. M., Collie, B., de Vel, O. (2003). Computer and Intrusion Forensics. United
Kingdom: Artech House.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S M S S S S
CO 2 L L L M S S S S S S
CO 3 M L M M S S M S S S
CO 4 M M L M S S S S S M
CO 5 L L M S S S M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I Introduction to Payment Cards and Digital Payments
The Origin of Payment Cards - Payment Card Networks and Systems - Getting a Bank Card -
Types of Payment Cards and usage: Key Card Features, Credit Cards - What a credit card is -
How a credit card works - Fees associated with credit cards -
Types of credit cards – Advantages & Disadvantages, Standard credit card, Secured credit
card, Unsecured credit card, Retail credit card, Charge Cards - How credit card processing
works - Credit Limit and Annual Percentage Rate (APR): Debit Cards, Prepaid Cards - Single
purpose prepaid cards - Multipurpose prepaid cards - Anatomy of Payment Card Numbers -
Point of Sale (PoS) and Card Steps - Unstructured Supplementary Service Data (USSD) based
Mobile Banking - Activation and Registration - Transfer of funds: Transfer to other bank
accounts, Aadhaar Enabled Payment System (AEPS), Micro ATM Transaction, Unified
Payment Interface (UPI), e-Wallets, PoS Types: Physical PoS, MPOS, V-POS
II Payment Card Industry Data Security Standard
PCI DSS Introduction: Protecting Cardholder Data with PCI Security Standards - Overview of
PCI Requirements: The PCI Data Security Standard (DSS), PIN Transaction Security
Requirements (PTS), Payment Application Data Security Standard (PA-DSS) - Security
Controls and Processes for PCI DSS Requirements: Building and Maintaining a Secure
Network, Protecting Cardholder Data, Maintaining a Vulnerability Management Program,
III Fraud and Operational Risks in Payment Innovations: Telemarketing Fraud, Transaction Fraud
and Data Security Breach - Major Risks in Emerging Payments: Risk of financial loss,
Operational Risk, Legal Risk, Risk Containment, Difficulties in Containing Fraud and
Operational Risks, Confronting Fraud and Operational Risks, Containment Techniques -
Concerns for Emerging Payments Systems: Data Integrity and Privacy, Illicit Use of payment
systems - Informal Case Studies of Risk and Its Management in Emerging Payments:
General-Purpose Prepaid Cards, Electronic debit transactions (E-Cheques), Online Balance-Transfer
Systems - Lessons Learned: Recognize the Problem, Maintaining a Perimeter
IV PCI Security Breaches, Frauds and Mitigation
Data Compromise & Indicators - Current Issues - What is a breach or compromise? - Effects
of a breach - What happens during a breach? - Data Breach Indicators & Current Processes -
What are attacking techniques? - Lost or Stolen cards - Counterfeit cards - Spotting a bad card
- Mail/Telephone Order and Internet Fraud - Card Not Present - Loss of Payment Card – Actions
to be taken - Unauthorized use of payment card by third party - PCI Security Standards Council
(PCISSC) – Common Practices
V Online and mobile payments: Supervisory challenges to mitigate security
Introduction: Payments in the digital age, Digital payments in the international agenda - Online
and mobile payment services: Categorization of payment services, Online payments, Mobile
payments, Barriers to the use of innovative payment services - Payment providers: Overview,
Financial vs. non-financial - Security risks: Overview, Main security incidents, Causal drivers
of security risk, Risk mitigation initiatives - Regulatory framework: Overview, National
framework, International guidance, Self-regulation initiatives - Supervisory framework:
Overview, The scope of supervision, A collaborative supervisory approach, Supervisory tools,
Enforcement powers, Financial education initiatives - Conclusions
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M S S M S S S S
CO 2 L L L M S S S S S S
CO 3 M L M S S S M S S S
CO 4 M M L S M M S S S M
CO 5 M L M S S S M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
Unit 1 Security Architecture and Design Principles
Cloud service security architecture reference, Security Framework, Web readiness for privacy
protection, Login protection, Cryptographic molecules, Input Validation and sanitization, Data
Masking, Data Governance, Third-party open source management.
References TEXTBOOK
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M L M S S S S S S
CO 2 L L L M S S S S S S
CO 3 M L M M S S S S S S
CO 4 M M L M S S S S S M
CO 5 L L L S S M M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I Incident Management
Introduction to incident response & management - Incident management perspectives -
Information Technology Infrastructure Library (ITIL): Control Objectives for Information and
Related Technologies (COBIT), National Institute of Standards and Technology (NIST SP 800-61),
Computer Emergency Response Team (CERT), Computer Security Incident Response
Team (CSIRT) - Stages in Incident management
II Organizing a Computer Security Incident Response Capability
Events and Incidents - Need for Incident Response - Incident Response Policy, Plan, and
Procedure Creation: Policy Elements, Plan Elements, Procedure Elements, Incident Response
Team, Structure, Models, Model Selection, Team Personnel – Roles and responsibilities -
Team Services
III Handling an Incident
Preparation: Preparing to Handle Incidents, Incident Handling Checklist, Preventing Incidents
- Detection and Analysis: Attack Vectors, Signs of an Incident, Sources of Precursors and
Indicators, Incident Analysis, Documentation, Incident Prioritization, Incident Notification -
Containment, Eradication, and Recovery: Choosing a Containment Strategy, Evidence
Gathering and Handling, Identifying the Attacking Hosts, Eradication and Recovery -
Post-Incident Activity: Lessons Learned, Using Collected Incident Data, Evidence Retention.
IV Collecting Digital evidence
Forensic analysis methodology: Introduction to Digital Evidence, Investigative process,
Incident reconstruction - Identifying the methodology & technology involved for carrying out
attacks - Identifying the motive behind the attacks - Preparing evidence for courtroom -
Guidelines for Digital evidence handling and examination - Collecting evidence from Windows
system - Collecting evidence from Linux and other systems - Collecting digital evidence from
the internet - Investigating routers and network topology - Investigating servers and end user
PCs, mobile devices etc.
V Recovering After an Incident
Recovery best practices - Gathering information for reporting - Creating a Lessons Learned
report - Improving security policies after learning from an incident – Honeypots:
Introduction, Types of honeypots, Tools used for setting up honeypots, collecting evidence
from honeypots, Looking out for attack signatures
References
1. Siegel, S. G., Donaldson, S. E., Aslam, A., Williams, C. K. (2015). Enterprise Cybersecurity:
How to Build a Successful Cyberdefense Program Against Advanced Threats. United Kingdom:
Apress.
2. Fry, C., Nystrom, M. (2009). Security Monitoring. United Kingdom: O'Reilly Media.
3. Woody, A. (2013). Enterprise Security: A Data-Centric Approach to Securing the Enterprise.
United Kingdom: Packt Publishing, Limited.
4. Johansen, G. (2017). Digital Forensics and Incident Response. United Kingdom: Packt
Publishing.
5. Allen, B., Loyear, R. (2016). The Manager’s Guide to Enterprise Security Risk Management:
Essentials of Risk-Based Security. United States: Rothstein Publishing.
6. Anson, S. (2020). Applied Incident Response. United Kingdom: Wiley.
7. Schnepp, R., Vidal, R., Hawley, C. (2017). Incident Management for Operations. (n.p.):
O'Reilly Media.
8. Bradley, J. (2016). OS X Incident Response: Scripting and Analysis. United
States: Elsevier Science.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M S S M S S M S
CO 2 L L L M S S S S S S
CO 3 M L M S S M S M S S
CO 4 M M L S M M S S S M
CO 5 M L M L S S M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
1. Possess the skills necessary to carry out independent analysis of modern malware samples
using static, dynamic, and memory analysis.
2. Investigate the malware samples and collect the evidence to track the attack.
3. Have an intimate understanding of various executable formats, analysis and techniques.
4. Apply the tools and techniques for cyber threat intelligence.
5. Achieve understanding of individual tools including IDA Pro, WinDBG, and PE Explore,
etc.
6. Apply unpacking, decryption, and extraction techniques to future malware
samples.
Units
I Introduction to Malware Analysis
Types of Malwares and their behavior - Computer Infection Program - Life Cycle of a Malware
- Virus Nomenclature - Worm Nomenclature - Tools used in Computer Virology
II Implementation of Covert Channel
Non-Self-Reproducing Malware - Working Principle of Trojan Horse - Implementation of
Remote Access and File Transfer - Working Principle of Logic Bomb - Case Study – Conflicted
C Worm
IV Virus Design and Its Implications
Computer Virus in Interpreted Programming Language - Designing Shell bash virus under
Linux - Fighting over infection – Polymorphism - Case Study – Companion Virus
XI Cyber Threat Intelligence sharing through National and Sector oriented communities
Importance of sharing and numerous dimensions to circumvent incidents and mitigate cyber
threats - The promise of intelligence communities - CTI community structures -
Organizational context of CTI community - Tooling and infrastructure - Case studies -
Community enrichment and enhancement - Legal implications of information sharing
References
1. Michael Sikorski, Practical Malware Analysis: The Hands-On Guide to Dissecting
Malicious Software, 2012, No Starch Press.
2. Learning Malware Analysis, K A Monnappa, Packt Publishing Limited.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M S S S S S S S
CO 2 M L L M S S S S S S
CO 3 M L M S S S M S S S
CO 4 M M L S M M S S S S
CO 5 M L M S S S M M S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
Introduction to Ethical Hacking Terms and Concepts
III Vulnerabilities (NodeJS, Python, J2EE, PHP etc.): Template Injection, Object Injection,
Evaluation method Vulnerability leading to Remote Code Execution (RCE), Other
vulnerabilities, Countermeasures - Case Studies - Web Service Hardening.
Understanding Network Ports and Services - Working with Network Scanners: Port Knocking,
Service and OS Fingerprinting, Working with various types of Network Service Scans,
Countermeasures - Identifying Vulnerabilities and Exploiting Services: Scanning Services,
Verification and usage of open exploit sources to query exploits, Metasploit for exploitation,
Password Cracking Techniques, Countermeasures - Man-in-the-Middle Attack: ARP
Poisoning, Session Hijacking, DNS Spoofing, Countermeasures - Types of Payloads: Shell -
Reverse Shell - Applications, Advantages and Limitations - Bind Shell – Applications,
Advantages and Limitations: Post Exploitation Modules - Privilege Escalation - Identifying
mis-configurations - Identifying System Vulnerabilities - Tools of trade - Data Exfiltration
Techniques - File Hiding using Steganography - Key loggers - Webcam and Audio Recorder -
Custom Shell Commands - Custom Modules: Custom Payload creation & AV Evasion, and
Countermeasures - Achieving Persistence - Covering Tracks / Anti-Forensics Methods -
Overview of Network and System Hardening
V Exploitation using Buffer Overflow
Overview of Process and Memory Management - Understanding Registers - Working with
debuggers - Crashing a test application - Controlling Extended Instruction Pointer (EIP) - Shell
coding - Discovering Bad Characters - Finding a Return Address - Payload Injection -
Countermeasures - Other Exploitation Terminologies, Methods and Countermeasures: Stack
Overflow, Heap Spray, Return Oriented Programming (ROP), Use After Free, Structured
Exception Handler (SEH), Null Pointer Dereference, Integer Overflow
References
1. Weidman, G. (2014). Penetration Testing: A Hands-on Introduction to Hacking. United
States: No Starch Press.
2. Kalsi, T. (2017). Finding and Exploiting Hidden Vulnerabilities. (n.p.): Packt Publishing.
3. Allsopp, W. (2017). Advanced Penetration Testing: Hacking the World's Most Secure
Networks. Germany: Wiley.
4. Prasad, P. (n.d.). Mastering Modern Web Penetration Testing. United Kingdom: Packt
Publishing.
5. Engebretson, P. (2013). The Basics of Hacking and Penetration Testing: Ethical Hacking
and Penetration Testing Made Easy. Netherlands: Elsevier Science.
6. Shimonski, R. (2020). Penetration Testing For Dummies. United Kingdom: Wiley.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M S S S S S S S
CO 2 M M L M S S S S S S
CO 3 M L M S S S M S S S
CO 4 M M L S S S S S S S
CO 5 M L M S S S M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 L M M S S S S S M S
CO 2 M L L M S M S S S S
CO 3 M L M S S S M S S S
CO 4 M M L S S S S S S S
CO 5 M L M S S S S S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
To develop a project that implements all the security features that have been taught
during the course
To enrich innovative technological ideas in building an application
To make sure all the parts of the project serve as an outcome of the end goal of the
preferred topic
To produce a sustainable option as an output
To learn to manage the inevitable changes while handling a project
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 S M M S S S S S M S
CO 2 M S S M S M S S S S
CO 3 M S M S S S M S S S
CO 4 M M S S S S S S S S
CO 5 M S M S S S S S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Units
I Introduction to Continuity Management (BCM) and Disaster Recovery (DR)
Introduction to Business Continuity Management (BCM) and Disaster Recovery (DR) - What
is business continuity management (BCM)? - What is the purpose of a business continuity plan?
- BCM principles - BCM lifecycle: BCM programme management, Understanding the
organization, Determining business continuity strategy, Developing and implementing a BCM
response, BCM exercising, Maintaining and reviewing BCM arrangements, Embedding BCM
in the organization’s culture - Drivers of Business Continuity Management - Roles and
responsibilities - Developing effective BCM Capabilities - BCM in business: Benefits and
consequence, Contemporary landscape: Trends and directions - Current developments in BCM
II Risk Management
BCM and DR – The relationship with Risk Management - Risk Management concepts and
framework: Concepts of threat, vulnerabilities and hazard, Risk Management process, Risk
assessment, Risk control options analysis, Risk control implementation, Risk control decision,
and risk reporting - Business Impact Analysis (BIA) concept, benefits and responsibilities - BIA
methodology - Assessment of financial and operational impacts: Identification of critical IT
The CISSP Prep Guide: Gold Edition by Ronald L. Krutz, Russell Dean Vines, Gold
Edition, Wiley Publication, 31 Oct 2002
Certified Information Systems Security Professional, Study Guide by Ed Tittel, Mike
Chapple, James Michael Stewart, 6th Edition, Sybex Publication, 06 July 2012
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M L M L S S S S
CO 2 M M L M S L S S S S
CO 3 M L M S M S M S S S
CO 4 M M L S L M S S S S
CO 5 M L M S S S M S S S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low
Course Outcomes
1. Acquire the basic technologies that form the foundations of Big Data.
2. Understand the programming aspects of cloud computing with a view to rapid
prototyping of complex applications.
3. Implement the specialized aspects of big data including big data application, and
big data analytics.
4. Study different types of case studies on the current research and applications of
Hadoop and big data in industry.
5. Gain knowledge about the basic technologies that form the foundations of Big
Data.
Course Soft skill - IV
Title of the Course Big Data
Credits 2
Units
Unit 1 The Power of Big Data in Cyber Security
Introduction to Big Data Analytics, Difference between Traditional Analytics and Big Data
Analytics, The Need for Big Data Analytics in Cyber Security, Limitation of Traditional
Security Mechanism, The Evolving threat landscape requires new security approaches, Big
Data analytics offers new opportunities to Cyber Security, The Category of current solutions,
Big Data Security analytics Architecture, Challenges to big data Analytics for Cyber Security.
Method of Evaluation:
Sessional I   Sessional II   End Semester Examination   Total   Grade
20            20             60                         100
Mapping with Programme Outcomes:
PO 1 PO 2 PO 3 PO 4 PO 5 PO 6 PO 7 PO 8 PO 9 PO 10
CO 1 M M M M S S S S S S
CO 2 M M S M M S S S S S
CO 3 M L M M S S S S S S
CO 4 M M S M S S S S S S
CO 5 L L L S S S M S M S
CO - Course Outcomes PO - Programme Outcomes S - Strong M - Medium L – Low