04-801-K2   Tracking Cybercrimes

Location: Africa

Units: 6

Semester Offered: Fall

Course description

This course covers the use of computational methods for crime investigation in cyberspace. In today’s world, evidence related to cybercrimes can span multiple disparate (internet) locations and be spread over large quantities of data and media. This course will teach computational methods to link and analyze such large-scale and diverse types of data to uncover relevant information. The focus of this course is on forensic investigations (tracking evidence after a cybercrime has been committed) rather than cybersecurity (preventing or pre-empting the commission of a cybercrime). It includes topics such as finding fake accounts on social media, uncovering social engineering schemes, tracking the originators of malicious emails and malware, getting information about activities on the dark web, etc. Students will learn specific core concepts such as how the internet works, how the dark web works, what technologies empower cybercrime (e.g., cryptocurrencies, and cryptographic principles behind them), how social media works, etc. Since the scope of this subject is vast, the course will essentially be a breadth course. However, students will learn in enough depth to do practical work in tracking specific kinds of cybercrime. This course is of a cross-disciplinary nature. Students from all disciplines are welcome to take this course.

Learning objectives

  • Build awareness of global crime, and legal requirements that must be fulfilled for forensic evidence to be acceptable in courts of law across the world.
  • Teach students how to leverage large volumes of data from diverse sources, for the analysis and interpretation of evidence. The focus will be on pattern discovery and information linkage.
  • Show how different kinds of evidence are analyzed, emphasizing the role of AI- and ML-based computational methods of deduction.


  • To have enough depth of knowledge to be able to harness computational and AI techniques in solving specific forensic challenges in cyberspace.
  • To have enough breadth of knowledge to anticipate the types of crime scenarios that we are likely to encounter in cyberspace in the near future.


Students must be able to program in Python or any contemporary programming language and must have basic knowledge of web interfaces and HTML. They must know how to download and run source code from the internet (at the least). Knowledge of basic signal processing concepts is desirable.


Rita Singh