Funded by National Science Foundation (NSF)
Funded by Cyber Florida
Incident Response Technologies
Instructor: Dr. Cliff Zou, 407-823-5015, czou@cs.ucf.edu
Prerequisite:
Knowledge of computer architecture, data structures, and networking;
knowledge of basic usage of a Linux machine.
Textbook:
There is no required textbook. We will use research papers and some content from the following reference books.
1. The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson (2013). ISBN-10: 0124116442, ISBN-13: 978-0124116443
2. Network Forensics: Tracking Hackers through Cyberspace, by Sherri Davidoff and Jonathan Ham (2012). ISBN-10: 0132564718, ISBN-13: 978-0132564717
Course Learning Objectives:
(a) Understand basic knowledge and procedures for handling cyber security attack, data breach, and data damage incidents;
(b) Be able to conduct basic forensic analysis of Windows and Linux systems;
(c) Be able to use popular tools for analyzing compromised systems and conducting static and dynamic malware analysis;
(d) Be able to use Wireshark for network traffic capture and analysis, and use Splunk software to process and analyze security logs.
Course Outline:
- Course outline and introduction
- Background knowledge: basic networking principles
- Get familiar with VirtualBox virtual machine software and installation of a Kali Linux VM
- Linux basic usage and administration
- Network traffic monitoring and Wireshark usage
- Malware incident response
  o Static analysis
  o Dynamic analysis
- Basic reverse engineering
- Incident response and event log analysis
- Use Splunk for incident response and event log analysis