The CyFIR concentration capstone course challenges students by placing them in a series of hands-on exercises based on real world scenarios. Students will work together in groups to respond to and investigate large-scale corporate and government intrusions. Instructors will teach advanced event correlation and reconstruction techniques as well as emerging data collection and analysis approaches. Using both host-based and network-based forensics techniques, students will learn to effectively synthesize data, utilize problem solving skills to draw investigative conclusions, and document their analysis. Additionally, students will be required to follow sound forensic methodologies to protect and prepare digital evidence throughout their mock investigations. Furthermore, students will learn to effectively summarize and communicate their forensic analysis through technical report writing and communication best practices.

Class format

Lecture and project-based

Home department

INI

Target audience

INI students 

Background required

14-761, 14-822, and 14-823 are prerequisites.

Learning objectives

Upon completion of this course, students will be prepared to participate in and guide enterprise cyber security incident response and forensic operations for large organizations. 

Faculty and instructors who have taught this course in the past

Rotum Guttman