CIS6395: Incident Response Technologies
(Fall 2016)




Instructor:        Dr. Cliff Zou (HEC-243),  407-823-5015,   czou@cs.ucf.edu

Course Time:   MoWe 12:00pm-1:15pm,  ENG1-386A

Office Hour:    MoWe 9:30am-11:30am, in HEC243
Course Webpage  http://www.cs.ucf.edu/~czou/CIS6395-16/

Syllabus:  PDF

Video Streaming: We will use the Panopto system for video streaming. Recorded videos can be accessed via the “Panopto Video” link in Webcourse. Both face-to-face session (0R01) and online session (0V61) students can access the lecture video. Each class video will be available in late afternoon after each face-to-face lecture on Monday and Wednesday. Webcourse will be used for assignment release and submission.

Prerequisite:     CGS 5131 and CNT 6418, or C.I.
                  Knowledge of computer architecture, data structures, and networking;
                  Knowledge of basic usage of a Linux machine.

Textbook:   

There is no required textbook. We will use research papers and some content from the following reference books.
1. The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson (2013)
2. Hacker Techniques, Tools, and Incident Handling (2nd edition) by Sean-Philip Oriyano (2013)

Course Catalog Description:

3(3,0). PR: CGS 5131 and CNT 6418, or C.I. This course covers security incidents and intrusions. Topics include: identifying and categorizing incidents, responding to incidents, log analysis, network traffic analysis, and tools.

Course Learning Objectives:

(a) Understand basic knowledge and procedures for handling cyber security attacks, data breaches, and data damage incidents;
(b) Be able to conduct basic forensic analysis of Windows and Linux systems;
(c) Be able to use popular tools for analyzing compromised systems and conducting static and dynamic malware analysis;
(d) Be able to conduct basic penetration testing (information gathering and exploitation);
(e) Be able to use Wireshark for network traffic capture and analysis, and use Splunk software to process and analyze security logs.

Course Outline:

• Course outline and introduction
• Background knowledge: Basic Networking Principles
• Get familiar with VirtualBox Virtual Machine software and installation of Kali Linux VM
• Linux basic usage and administration
• Network traffic monitoring and Wireshark usage
• Malware Incident Response
    o Static Analysis
    o Dynamic Analysis
• Basic Reverse Engineering
• Windows Incident Response and Event Log Analysis
• Linux Incident Response and Event Log Analysis
• Penetration Testing
    o Information gathering
    o Scanning
    o Exploitation

Grading:

A +/- grading system will be used (A, A-, B+, B, etc.). The tentative weights are as follows:

Assessment                  Percent of Final Grade
Regular Assignments (4)     60%
Mid-term Exam (1)           20%
Final Exam (1)              20%