Course - Incident Response, Ethical Hacking and Forensics - IMT3004
Incident Response, Ethical Hacking and Forensics
New from the academic year 2018/2019
About the course
Course content
I. Incident response
- Incident response planning: preparation, organization, building and
running a CSIRT, operational issues, hiring and training of personnel
- Incident response management: prevention, detection, notification, reaction, recovery, maintenance
- Advanced computer network defence: vulnerability and threat
assessment, threat intelligence and situational awareness, tools and
processes, information sharing
II. Ethical Hacking
- Ethical hacking methodology and process: Reconnaissance, scanning, exploitation and post-exploitation
- Low-level vulnerabilities: buffer overflow, Heartbleed, Shellshock, EternalBlue, etc.
- Web exploitation: cross site scripting, SQL injection, cross site request forgery
- Password security: brute force and dictionary attacks, rainbow tables, and mitigations
III. Forensics
- Digital forensics methodology
- Live and file system forensics
- Forensic reconstructions
- Internet and network forensics
Learning outcome
Knowledge:
The candidate has knowledge about different activities associated with securing, attacking and investigating computer systems, including
- The candidate has general knowledge of planning for incident response
and managing the operational aspects of the incident response team.
- The candidate has general knowledge of how to perform incident
response for various types of adverse incidents, including intrusions
from advanced threat actors
- The candidate has general knowledge of digital forensics methodology with a solid understanding of requirements for handling digital evidence.
- The candidate has general knowledge of ethical hacking techniques that are used to understand how attackers think and operate and identify weaknesses during operations.
Skills:
The candidate can
- Prepare for incident handling and perform incident response, as well as build, organize and manage an incident response team
- Perform ethical hacking activities to identify vulnerabilities in systems at different levels, exploit these vulnerabilities to gain access, and maintain this access
- Perform forensic acquisition of digital evidence from computer and network media
General Competence:
Candidates have insight into the methods of planning for incidents, defending information systems and testing these systems for weaknesses. In case of an incident, they are able to collect evidence based on digital forensics methodologies and the relationship with incident handling.
Learning methods and activities
- Lectures
- Laboratory work
- Exercises
- Project work
Further on evaluation
Forms of assessment:
- Written examination counts for 40%
- The project(s) counts for 60%
- All parts must be passed.
Re-sit examination:
No re-sit examination; projects and exam are closely connected and related. New project(s) and exam at next course dates.
Specific conditions
Admission to a programme of study is required:
IT Operations and Information Security (BITSEC)
Recommended previous knowledge
- IMT2007 Network Security
- IMT3003 Service Architecture Operations
- IMT2282 Operating Systems
- IMT2008 ITSM, Security and Risk Management
Credit reductions
Course code | Reduction | From |
---|---|---|
IMT3491 | 3.7 sp | |
IMT3551 | 3.7 sp | |
Subject areas
- Information Security
Contact information
Course coordinator
Lecturers
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Ordinary examination - Autumn 2018
Assignment
Written examination
The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.