School of Computer Science

Module 06-28210 (2016)

Incident Management and Forensics

Level 4/M

David Oswald Erik Tews Semester 2 10 credits
Co-ordinator: David Oswald
Reviewer: Tom Chothia

The Module Description is a strict subset of this Syllabus Page.

Outline

This module will teach students how to investigate and respond to cyber security incidents. This will include developing technical skills such as disk image and network log analysis, as well as high-level skills such as knowing what to do when investigating a system that might have been attacked.


Aims

The aims of this module are to:

TBC


Learning Outcomes

On successful completion of this module, the student should be able to:

  1. analyse a disk image, including one that has been subject to partial erasure or overwriting.
  2. analyse a suite of logs from a mixed infrastructure and describe the events that have taken place.
  3. put in place controls, processes and technologies which improve the ability to detect and respond effectively to an incident.
  4. to write a report suitable for use as evidence.

Restrictions

None


Teaching methods

Two 1-hour lectures a week.

Contact Hours:

22


Assessment

Sessional: Examination (80%) Continuous Assessment (20%)

Supplementary (where allowed): Exam (100%)


Detailed Syllabus

Not applicable


Programmes containing this module