Incident Response & Digital Forensics

Aim

To provide students with the essential skills to conduct an investigation of compromised systems during or after a cyber/security incident.

Learning Outcomes

On successful completion of this course, the learner will be able to:

1. Evaluate the use and application of incident response methodologies in dealing with system security-related incidents.
2. Acquire and analyse live response data from compromised systems.
3. Analyse memory for evidence of a compromise.
4. Analyse file system and operating system artefacts for evidence of a compromise.
5. Evaluate and apply tools and common processes in performing analysis of compromised systems.
6. Apply research methods to obtain current knowledge of events and tools/support kits in the subject area.

Indicative content

• Incident response methodologies
• File system analysis
• Operating system artefact analysis
• Acquisition and analysis of data from ‘live’ systems
• Memory analysis
• Common methods used by malicious actors to compromise systems