Digital forensics studies laws and develops technologies for fighting computer crimes. Digital forensic investigations can be classified from various perspectives. Based on whether the target is a standalone computer or a computer network, we have computer forensics and network forensics respectively. Based on whether the target is software or hardware, we have software forensics and hardware forensics. Investigations of different applications require domain-specific knowledge, and so we also have application-specific forensics, such as database forensics, email forensics, and web forensics.
This lab gives a brief introduction to the basic principles and protocols of 802.11 Wi-Fi networks, as well as the three major 802.11 frame types. Building on the tcpdump usage from previous labs, students will be asked to use tcpdump in monitor mode to capture packets with radiotap header information, analyze signal strength, and figure out which wireless frame contains the radiotap header and how different distances affect received signal strength. Students are assumed to be comfortable using a command line interface.
This lab provides students with an introduction to tcpdump, a powerful TCP/IP network packet sniffer, and its basic usage within a virtualized environment. Students are assumed to be comfortable using a command line interface.
We have a new VM Lab Setup page. The page introduces the computer forensics lab setup and the network forensics lab setup. Notes are given for students interested in setting up their own lab environment at home.
Project 3 has been posted. Please take a look and submit criticisms and commentary (especially any bugs or typos) to
Also, for your daily dose of humor, try the following:
After going without updates for several years, the CCF website (previously the CFL: Cyber Forensics Lab) has been upgraded and has some new content.
Please check out the security projects, even if you don't attend UMass.
Any feedback is welcome at
All old content will be ported over from the previous site to this one as well, but the old site is no longer publicly available because of the risk of running a vulnerable version of PmWiki. Any requests for older content can be directed to the same email as above for the time being.
This is the new home of the Center for Cyber Forensics, out of UMass Lowell.
The old site's data will slowly migrate over to this new version and will be unavailable in the meantime, as the previous content management system was vulnerable to code injection. We apologize for any inconvenience.
Queries can be directed to
xinwenfu [at] cs.uml.edu for all CCF affairs,
mmcginty [at] cs.uml.edu for webmastery issues, criticisms, comments, etc.