Incident Response Technologies

Home                      Lecture Notes                        Assignment

---

Instructor:        Dr. Cliff Zou ,  407-823-5015,   czou@cs.ucf.edu

Prerequisite:              
                  Knowledge on computer architecture, data structure, and networking;
                  Knowledge of basic usage of Linux machine.

Textbook:   

There is no require textbook. We will use research papers and some contents from the following reference books.
1. The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson (2013). ISBN-10: 0124116442, ISBN-13: 978-0124116443
2. Network Forensics: Tracking Hackers through Cyberspace, by Sherri Davidoff and Jonathan Ham (2012). ISBN-10: 0132564718, ISBN-13: 978-0132564717

Course Learning Objectives:

(a) Understand basic knowledge and procedure on handling with cyber security attack, data breach, data damage incidents;
(b) Able to conduct basic forensic analysis of Windows and Linux systems;
(c) Able to use popular tools in analyzing compromised systems and conducting static and dynamic malware analysis;
(d) Able to use Wireshark for network traffic capture and analysis, and use Splunk software to process and analyze security logs.

Course Outline:

. Course outline and introduction
. Background knowledge: Basic Networking Principles
. Get familiar with VirtualBox Virtual Machine software and installation of Kali Linux VM
. Linux basic usage and administration
. Network traffic monitoring and Wireshark usage
. Malware Incident Response
    o Static Analysis
    o Dynamic Analysis
. Basic Reverse Engineering
. Incident Response and Event Log Analysis
. Use Splunk for Incident Response and Event Log Analysis