{"title":"Design of Network Forensics Labs for Teaching-oriented Institutions","authors":"Kewei Sha, Wei Wei, Arpit Jain","doi":"10.1109/CSCI54926.2021.00213","DOIUrl":null,"url":null,"abstract":"Network-related cyber crimes including Phishing attacks, DDoS attacks, Identity Theft, etc. increase significantly with the extension of networked devices and systems. Cyber crime investigation conducted by network forensic professionals is critical not only to discover the source of security attacks but also to prevent future crimes. Although colleges and universities start involving forensics in education programs and forensics professionals training based on well-designed and effective curricula, there is still a significant gap between the supply of qualified network forensics professionals and what the market demands. As a highly technical subject, network forensics requires practitioners to obtain necessary knowledge and skills through both theoretical learning hands-on labs. However, survey of existing curricula shows the lack of hands-on network forensics labs. Therefore, we aim to develop a suite of initial hands-on network forensics labs that can be easily integrated into a Network Forensics course. The design focuses on addressing two major issues, building an isolated lab environment from the existing campus network and creating labs that provide realistic and practical experiences. In this paper, we first discuss the challenges of developing network forensics labs, then we describe our approaches to overcome those challenges. In addition, we also present the design of three typical network forensics labs. 
We believe that our designed labs, as well as the lessons learned, can help other institutions to develop effective network forensics courses.","PeriodicalId":206881,"journal":{"name":"2021 International Conference on Computational Science and Computational Intelligence (CSCI)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Computational Science and Computational Intelligence (CSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCI54926.2021.00213","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Network-related cyber crimes, including phishing attacks, DDoS attacks, identity theft, etc., increase significantly with the extension of networked devices and systems. Cyber crime investigation conducted by network forensics professionals is critical not only to discover the source of security attacks but also to prevent future crimes. Although colleges and universities have started to include forensics in education programs and forensics professional training based on well-designed and effective curricula, there is still a significant gap between the supply of qualified network forensics professionals and what the market demands. As a highly technical subject, network forensics requires practitioners to obtain the necessary knowledge and skills through both theoretical learning and hands-on labs. However, a survey of existing curricula shows a lack of hands-on network forensics labs. Therefore, we aim to develop a suite of initial hands-on network forensics labs that can be easily integrated into a Network Forensics course. The design focuses on addressing two major issues: building a lab environment isolated from the existing campus network and creating labs that provide realistic and practical experiences. In this paper, we first discuss the challenges of developing network forensics labs, then we describe our approaches to overcoming those challenges. In addition, we present the design of three typical network forensics labs. We believe that our designed labs, as well as the lessons learned, can help other institutions to develop effective network forensics courses.