IMT3004

Incident Response, Ethical Hacking and Forensics

New from the academic year 2018/2019

Credits 10
Level Third-year courses, level III
Course start Autumn 2018
Duration 1 semester
Language of instruction English
Location Gjøvik
Examination arrangement Assignment and Written examination

About

About the course

Course content

I. Incident response
- Incident response planning: preparation, organization, building and running a CSIRT, operational issues, hiring and training of personnel
- Incident response management: prevention, detection, notification, reaction, recovery, maintenance
- Advanced computer network defence: vulnerability and threat assessment, threat intelligence and situational awareness, tools and processes, information sharing

II. Ethical Hacking
- Ethical hacking methodology and process: Reconnaissance, scanning, exploitation and post-exploitation
- Low-level vulnerabilities: buffer overflow, Heartbleed, Shellshock, EternalBlue, etc.
- Web exploitation: cross-site scripting, SQL injection, cross-site request forgery
- Password security: brute force and dictionary attacks, rainbow tables, and mitigations

III. Forensics
- Digital forensics methodology
- Live and file system forensics
- Forensic reconstructions
- Internet and network forensics

Learning outcome

Knowledge:
The candidate has knowledge about different activities associated with securing, attacking and investigating computer systems, including:
- The candidate has general knowledge of planning for incident response and managing the operational aspects of the incident response team.
- The candidate has general knowledge of how to perform incident response for various types of adverse incidents, including intrusions from advanced threat actors.
- The candidate has general knowledge of digital forensics methodology with a solid understanding of requirements for handling digital evidence.
- The candidate has general knowledge of ethical hacking techniques that are used to understand how attackers think and operate and identify weaknesses during operations.


Skills:
The candidate can
- Prepare for incident handling and perform incident response, as well as build, organize and manage an incident response team
- Perform ethical hacking activities to identify vulnerabilities in systems at different levels, exploit these vulnerabilities to gain access, and maintain this access
- Perform forensic acquisition of digital evidence from computer and network media


General Competence:
Candidates have insight into the methods of planning for incidents, defending information systems and testing these systems for weaknesses. In case of an incident, they are able to collect evidence based on digital forensics methodologies and the relationship with incident handling.

Learning methods and activities

- Lectures
- Laboratory work
- Exercises
- Project work

Further on evaluation

Forms of assessment:
- Written examination counts for 40%
- The project(s) counts for 60%
- All parts must be passed.

Re-sit examination:
No re-sit examination; projects and exam are closely connected and related. New project(s) and exam at next course dates.

Specific conditions

Admission to a programme of study is required:
IT Operations and Information Security (BITSEC)

Credit reductions

Course code    Reduction      From
IMT3491        3.7 credits
IMT3551        3.7 credits
This course has academic overlap with the courses in the table above. If you take overlapping courses, you will receive a credit reduction in the course where you have the lowest grade. If the grades are the same, the reduction will be applied to the course completed most recently.

Subject areas

  • Information Security

Contact information

Course coordinator

Lecturers

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination arrangement: Assignment and Written examination
Grade: Letters

Ordinary examination - Autumn 2018

Assignment
Weighting 60/100 Duration 1 semester Exam system Inspera Assessment
Written examination
Weighting 40/100 Examination aids Code E Date 2018-12-13 Time 09:00 Duration 3 hours Exam system Inspera Assessment
Place and room for written examination

The specified room can be changed and the final location will be ready no later than 3 days before the exam. You can find your room location on Studentweb.

Ametyst
Room A061
Room A-atriet-2/3 (A-160)