CIS6395: Incident Response Technologies
(Fall 2021)




Instructor:        Dr. Cliff Zou (HEC-243),  407-823-5015,   changchun.zou@ucf.edu

Course Time:   MoWe 10:30am-11:45am,  CB1-218 (real-time lecture and zoom recording)

Office Hour:    MoWe 12pm - 1:30pm, in HEC-243. You can come to my office, call the office phone (407-823-5015), or join the office hour Zoom meeting via Webcourse's Zoom link

Course Classroom: The CB1-218 classroom is used for on-campus lecturing; at the same time, we rely on Zoom-based real-time lecture recording to provide real-time remote participation and recorded lecture videos for online students

Prerequisite:     CGS 5131 and CNT 6418, or C.I.
                  Knowledge of computer architecture, data structures, and networking;
                  Knowledge of basic usage of a Linux machine.

Textbook:    There is no required textbook. We will use research papers and some content from the following reference books.
1. The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson (2013). ISBN-10: 0124116442, ISBN-13: 978-0124116443
2. Network Forensics: Tracking Hackers through Cyberspace, by Sherri Davidoff and Jonathan Ham (2012). ISBN-10: 0132564718, ISBN-13: 978-0132564717

Zoom-based real-time lecturing and video streaming:

We will use Webcourse's integrated Zoom system for real-time online lecturing and video streaming. Both face-to-face session (0V01) and online session (0V61) students are free to join or not join the real-time Zoom lecture during the lecture time (Monday/Wednesday 10:30am-11:45am) via the "Zoom" tab link in Webcourse. Everyone can access the recorded lecture video via the "Zoom" tab link in Webcourse after each lecture (by clicking the 'Cloud Recordings' tab). Webcourse will also be used for lecture content dissemination, assignment release, and submission.

Course Learning Objectives:

(a) Understand basic knowledge and procedures for handling cyber security attack, data breach, and data damage incidents;
(b) Able to conduct basic forensic analysis of Windows and Linux systems;
(c) Able to use popular tools in analyzing compromised systems and conducting static and dynamic malware analysis;
(d) Able to conduct basic penetration testing (information gathering and exploitation);
(e) Able to use Wireshark for network traffic capture and analysis, and use Splunk software to process and analyze security logs.

Course Outline of Topics:

- Course outline and introduction
- Background knowledge: Basic Networking Principles
- Get familiar with VirtualBox Virtual Machine software and installation of Kali Linux VM
- Linux basic usage and administration
- Network traffic monitoring and Wireshark usage
- Malware Incident Response
    - Static Analysis
    - Dynamic Analysis
- Basic Reverse Engineering
- Incident Response and Event Log Analysis
- Use Splunk for Incident Response and Event Log Analysis
- Penetration Testing
    - Information gathering
    - Scanning
    - Exploitation
- System hardening: example of securing a vulnerable virtual machine system

Grading:

A +/- grading system will be used (A, A-, B+, B, etc.). The tentative weights are as follows:

Assessment                    Percent of Final Grade

Regular Assignments (4)       60%
Mid-term Exam (1)             20%
Final Exam (1)                20%