Course - Incident Response, Ethical Hacking and Forensics - IMT3004
Incident Response, Ethical Hacking and Forensics
About the course
Course content
I. Incident response
- Incident response planning: preparation, organization, building and
running a CSIRT, operational issues, hiring and training of personnel
- Incident response management: prevention, detection, notification, reaction, recovery, maintenance
- Advanced computer network defence: vulnerability and threat
assessment, threat intelligence and situational awareness, tools and
processes, information sharing
II. Ethical Hacking
- Ethical hacking methodology and process: Reconnaissance, scanning, exploitation and post-exploitation
- Low-level vulnerabilities: buffer overflow, Heartbleed, Shellshock, EternalBlue, etc.
- Web exploitation: cross-site scripting, SQL injection, cross-site request forgery
- Password security: brute force and dictionary attacks, rainbow tables, and mitigations
III. Forensics
- Digital forensics methodology
- Live and file system forensics
- Forensic reconstructions
- Internet and network forensics
Learning outcome
Knowledge:
The candidate has knowledge about different activities associated with securing, attacking and investigating computer systems, including
- The candidate has general knowledge of planning for incident response
and managing the operational aspects of the incident response team.
- The candidate has general knowledge of how to perform incident
response for various types of adverse incidents, including intrusions
from advanced threat actors
- The candidate has general knowledge of digital forensics methodology with a solid understanding of requirements for handling digital evidence.
- The candidate has general knowledge of ethical hacking techniques that are used to understand how attackers think and operate and to identify weaknesses during operations.
Skills:
The candidate can
- Prepare for incident handling and perform incident response, as well as build, organize and manage an incident response team
- Perform ethical hacking activities to identify vulnerabilities in systems at different levels, exploit these vulnerabilities to gain access, and maintain this access
- Perform forensic acquisition of digital evidence from computer and network media
General Competence:
Candidates have insight into the methods of planning for incidents, defending information systems and testing these systems for weaknesses. In case of an incident, they are able to collect evidence based on digital forensics methodologies and the relationship with incident handling.
Learning methods and activities
- Lectures
- Laboratory work
- Exercises
- Project work
Further on evaluation
Forms of assessment:
- Written examination counts for 40%
- The project(s) count for 60%
- All parts must be passed.
Resit examination in August for the written exam. New project at next course dates.
Specific conditions
Admission to a programme of study is required:
IT Operations and Information Security (BITSEC)
Recommended previous knowledge
- IMT2007 Network Security
- IMT3003 Service Architecture Operations
- IMT2282 Operating Systems
- IMT2008 ITSM, Security and Risk Management
Course materials
- Årnes, A. (Ed.). (2017). Digital Forensics. John Wiley.
- Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles of incident response and disaster recovery. Cengage Learning.
Credit reductions
Course code | Reduction | From |
---|---|---|
IMT3491 | 3.7 sp | |
IMT3551 | 3.7 sp | |
Subject areas
- Information Security
Contact information
Lecturers
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Ordinary examination - Autumn 2020
Assignment
Home exam (1)
Submission: 2020-12-14 | Time: release 09:00, submission 10:00 | Duration: 1 hour | Exam system: Inspera Assessment
- Other comments
- 1) Please note that the exam form has changed as a preventive measure in the ongoing corona situation.