CIS6395: Incident Response Technologies (Fall 2016)
Instructor: Dr. Cliff Zou (HEC-243), 407-823-5015, czou@cs.ucf.edu
Course Time: MoWe 12:00pm-1:15pm, ENG1-386A
Office Hour: MoWe 9:30am-11:30am, in HEC243
Course Webpage: http://www.cs.ucf.edu/~czou/CIS6395-16/
Syllabus: PDF
Video Streaming: We will use the Panopto system for video streaming. Recorded videos can be accessed via the “Panopto Video” link in Webcourse. Both face-to-face session (0R01) and online session (0V61) students can access the lecture video. Each class video will be available in late afternoon after each face-to-face lecture on Monday and Wednesday. Webcourse will be used for assignment release and submission.
Prerequisite: CGS 5131 and CNT 6418, or C.I.
Knowledge of computer architecture, data structures, and networking;
Knowledge of basic usage of a Linux machine.
Textbook: There is no required textbook. We will use research papers and some content from the following reference books.
1. The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson (2013)
2. Hacker Techniques, Tools, and Incident Handling (2nd edition) by Sean-Philip Oriyano (2013)
Course Catalog Description:
3(3,0). PR: CGS 5131 and CNT 6418, or C.I. This course covers security incidents and intrusions. Topics include: identifying and categorizing incidents, responding to incidents, log analysis, network traffic analysis, and tools.
Course Learning Objectives:
(a) Understand basic knowledge and procedures for handling cyber security attack, data breach, and data damage incidents;
(b) Be able to conduct basic forensic analysis of Windows and Linux systems;
(c) Be able to use popular tools for analyzing compromised systems and conducting static and dynamic malware analysis;
(d) Be able to conduct basic penetration testing (information gathering and exploitation);
(e) Be able to use Wireshark for network traffic capture and analysis, and use Splunk software to process and analyze security logs.
Course Outline:
• Course outline and introduction
• Background knowledge: Basic Networking Principles
• Get familiar with VirtualBox Virtual Machine software and installation of Kali Linux VM
• Linux basic usage and administration
• Network traffic monitoring and Wireshark usage
• Malware Incident Response
  o Static Analysis
  o Dynamic Analysis
• Basic Reverse Engineering
• Windows Incident Response and Event Log Analysis
• Linux Incident Response and Event Log Analysis
• Penetration Testing
  o Information gathering
  o Scanning
  o Exploitation
Grading:
A +/- grading system will be used (A, A-, B+, B, etc.). The tentative weights are as follows:
Assessment                  Percent of Final Grade
Regular Assignments (4)     60%
Mid-term Exam (1)           20%
Final Exam (1)              20%