Does not apply.

This subject leads to the following set of basic competences: CB6: Master the knowledge required to propose original designs or developments, often in a research process within the area of cyber security. CB7: Ability to apply acquired knowledge to solve problems under novel or almost novel situations or within broader (multidisciplinar) contexts related with cyber security. CB8: Ability to state critical opinions and judgements having incomplete or limited information in the field of cyber security. These judgements must take into account include considerations about social and ethical responsibilities CB9: Discuss in a public audience about their acquired knowledge, and the conclusions from the work. Students will be able to give their foundational and most convincing reasons to a specialized and non specialized audience in a clear way, without ambiguities. CB10: Students should have the learning skills required to continue studying in a autonomous or self-directed way. Concerning general and specific competences, students will be able to: CG2: Create, design, deploy and maintain a cyber defense global system in a given context. CG3: Create and refine concise and comprehensively documents, plans and projects in the scope of cyber security. CG4: Know the relevant technique part of the legal regulation in cyber security and its implications in the design of systems and security tools. CE4: Analyze systems to find attack evidences and to adopt the required measures to maintain the custody chain of the found evidences. After passing the subject and as learning results, students will be able to: - Design strategies to distribute sensors in a network and analyze observed events to determine which are relevant in a particular case. - Given a system under attack, identify the features of most of these attacks and point out the most probable sources. - Given an attacked systems, find attack evidences and explain the required mechanisms to preserve the chain of custody of such evidences. - Understand legal and technical aspects related to cybersecurity.

Forensic analysis of information systems: 1. Introduction to forensic analysis 1.1. What is it? 1.2. Case examples 1.3. Key concepts 2. Forensic analysis lab 2.1. Lab description 2.2. Policies and procedures 2.3. Quality assurance 2.4. Tools 2.5. Evidences: gathering, analysis and custody 2.6. Forensic report 3. Forensics analysis tools 3.1. Forensic analysis of file systems 3.2. Forensic analysis of memory 3.3. Forensic analysis in computer networks 3.4. Forensic analysis related to Internet and e-mail 3.5. Forensic analysis of mobile devices 3.6. Anti-forensics tools and techniques

Learning activities: Theoretical lectures Practical lectures Mixed theoretical and practical lectures Laboratory practices Tutoring sessions Teamwork Individual work by the student In this subject, concepts will be applied live during the sessions. For this purpose, a set of exercises will be taken as a basis for each session. Students will have to develop several practical cases of forensic analysis. As part of their work, students may have to perform a critical analysis of other students' forensic reports. Particularly, the methodology is based on: - MD1. Lectures using computers in which key concepts are introduced and bibliography is pointed out. - MD2. Critical analysis of readings (articles in press, reports, manuals, papers, etc.) suggested by teachers. This may be used for a further discussion or to consolidate concepts. - MD3. Practical case and problems resolution, individually or in groups. - MD4. Presentation or discussion of related topics and practical cases. - MD5. Development of tasks and reports, individually or in groups.