Forensics
Course year: 1 year(s)
Institution: JUNIA Grande école d’ingénieurs
Language: English
Programme(s) in which the course appears:
Period: S2
To follow this module, the student must know the basic notions of local networks (Ethernet, IP, static routing, TCP-UDP, DHCP, DNS, usual web application protocols) and know how to use Linux commands for networks (ifconfig, route, …) and an analysis tool (Wireshark). The student is also familiar with the basics of file systems, computer memory management, and programming in the C language.
Reference: « algorithmie et C language », « network and system base module », « operating system module » M1 ISEN Lille
Skills expected: 34 (342/343), 43 (431/432/433), 56 (561/562), 63 (634), 110 (1102)
This module is an in-depth study of systems and networks in four areas: research and collection of computer data, their analysis (production of evidence), their interpretation (production of an investigation report), and finally their archiving. The objective is to produce the diagnosis of a machine by mobilizing specific tools and techniques around specific processes.
This orientation is suitable for engineering profiles in the security field.
At the end of the course, the student will:
– Know how to analyze a file system, a memory image, and network traffic
– Be able to detect anomalies and abnormal activities, and to identify evidence
– Be able to trace the complete scenario of actions that do not conform to standard use
– Be able to diagnose an incident
– Understand malicious exploitation of vulnerabilities in a computer system
The project approach requires the acquisition of transversal skills in the analysis of the data and of the proposed scenarios, and in the written reporting of the work carried out and the conclusions.
This module covers the following topics:
– The analysis of network traffic and reconstruction of the exchange history
– The analysis of a file system for hidden information
– The analysis of the machine memory and retrieval of the information it contains
– The concealment of information in files
– The methodology of forensics and report writing