Module 06-28210 (2016)
Incident Management and Forensics
|David Oswald Erik Tews||Semester 2||10 credits|
This module will teach students how to investigate and respond to cyber security incidents. This will include developing technical skills such as disk image and network log analysis, as well as high-level skills such as knowing what to do when investigating a system that might have been attacked.
The aims of this module are to:
On successful completion of this module, the student should be able to:
- analyse a disk image, including one that has been subject to partial erasure or overwriting.
- analyse a suite of logs from a mixed infrastructure and describe the events that have taken place.
- put in place controls, processes and technologies which improve the ability to detect and respond effectively to an incident.
- to write a report suitable for use as evidence.
Two 1-hour lectures a week.
Sessional: Examination (80%) Continuous Assessment (20%)
Supplementary (where allowed): Exam (100%)
Programmes containing this module
- MSc Cyber Security [504B]