CYBER FORENSICS AND INCIDENT RESPONSE

SHE Level 5
SCQF Credit Points 15.00
ECTS Credit Points 7.50
Module Code MMI125225
Module Leader Omair Uthmani
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimesters
  • B (January start)
  • A (September start)

Pre-Requisite Knowledge

Adequate knowledge of Network Penetration Testing & Ethical Hacking and Digital Forensics Analysis concepts.

Summary of Content

The prevalence of cyber security incidents highlights the increase of potential risks in the digital arena. These vulnerabilities are fuelling the growing need for skilled professionals who can protect systems from attack, respond to security breaches and solve cybercrimes. This module builds on an understanding of the main principles behind digital forensics, together with the procedures for securing and analysing evidence to support investigations. It introduces the construction and development of different types of malicious code, including their implementation and methods of action in exploiting system weaknesses. The module focuses on the development of crucial analytical techniques for responding to security breaches and investigating cyber incidents. This includes the analysis, evaluation and reverse engineering of malicious code for forensic examination as well as the development of strategies useful for defending and recovering from attacks. The ethical and professional issues/requirements of the professional practitioner are incorporated throughout the syllabus.

Syllabus

  • Cybersecurity: Confidentiality, integrity, and availability as they relate to data states and cybersecurity countermeasures.
  • Digital Forensics: Fundamental and defining principles of digital forensics. Incident response tactics. Preparation of audit trails. Advanced file analysis approaches, network forensics, mobile device forensic computing, data hiding and hostile code, encryption and forensics, investigation of fraud, data recovery.
  • Malware Analysis Fundamentals & Approaches: Types of malware and their features. Malware distribution techniques. Methods of deception and strategies to evade detection. Intrusion signatures. Behavioural analysis of malicious executables. Reverse-engineering malware.
  • Malicious Code Analysis: Reverse-engineering malware at the code level. Network analysis. Anti-disassembling techniques. Identifying assembly logic structures with a disassembler. Patterns of common malware characteristics at the API level. Methods for bypassing anti-analysis mechanisms.
  • Malicious Documents and Memory Forensics: Reverse engineering of malicious executables using memory forensic techniques. Analysing memory to assess malware characteristics and reconstruct infection artifacts. Using memory forensics to analyse rootkit infections.
  • Legal & Ethical Issues: Reinforce understanding and the application of discipline-specific legal and ethical issues.

Learning Outcomes

On successful completion of this module a student should be able to:
1. Compare and contrast the technologies, products and procedures used to ensure confidentiality, integrity and availability.
2. Critique the policies, ethics, principles and procedures of forensic investigations and be aware of the legal aspects, including documentary and evidentiary standards expected in presenting investigative findings.
3. Systematically appraise malicious software, malicious code implementation and the methods of detecting software vulnerabilities.
4. Identify, select and critically evaluate techniques at the forefront of the discipline used in detection strategies and the defence of systems against malicious software and software-based attacks.
5. Synthesise complex evidence and communicate subject knowledge clearly to specialist and non-specialist audiences.
6. Examine and assess ethical issues and evaluate the professional requirements of a security practitioner.

Teaching / Learning Strategy

Work Based Education aims to maximise the direct and digitally mediated contact time with students by practising teaching and learning strategies that use authentic work-based scenarios and encourage action learning, enquiry-based learning, problem-based learning and peer learning. All these approaches aim to involve students directly in the process of learning and to encourage sharing of learning between students. The module team will determine the level and accuracy of knowledge acquisition at key points in the delivery, inputting when necessary either directly or with the support of external experts who will add to the authenticity, credibility and application of the education and learning in the workplace. The course material is introduced through lectures in the form of online presentations, which will cover the principles of the subject, illustrate its relevance to the real world and introduce a range of professional processes and practices. Students will engage with practical assignments and online tutorial material, which may include instruction and peer-created content, and there will be seminars on campus which will allow students to discuss key concepts and issues with peers and with instructors. Students will be expected to undertake a significant level of independent study within the workplace, including practical activities, and links will be provided to appropriate external material such as podcasts, MOOCs, videos and literature to supplement the module content. Students will be encouraged to reflect upon the theoretical learning within the workplace and the application of newly learned concepts to the work environment, and this will form part of the module assessment. Students will receive feedback on their performance throughout the module through undertaking the practical assignments and tutorial exercises and participating in the seminars.
The material presented in this module is potentially damaging if used maliciously and the capabilities developed in this module have potential for harm. Academics will emphasise the professional expectations of students as well as stressing the students' ethical and moral responsibilities to themselves and others, including the School and the University.

Indicative Reading

  • Sammons, J. (2015) The Basics of Digital Forensics (Second Edition).
  • Altheide, C. & Carvey, H. (2011) Digital Forensics with Open Source Tools.
  • Sikorski, M. & Honig, A. (2012) Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software. No Starch Press (ISBN 1593272901).
In addition to the reference material above, several online resources (blogs, journals, websites, etc.) which reflect up-to-date understanding in the field will be provided to students.

Transferable Skills

  • Traditional Academic Skills: specialist knowledge, ability to apply knowledge, logical thinking, critical analysis, problem-solving, written and spoken communication, ability to use numerical data, and research skills.
  • Personal Development Skills: self-confidence, self-discipline, self-reliance, awareness of strengths and weaknesses, creativity, independence, knowledge of international affairs, desire to go on learning, ability to reflect, reliability, integrity, honesty and regard for others.
  • Enterprise or Business Skills: ability to prioritise tasks, time management, interpersonal skills, presentational skills, ability to work in teams and leadership.

Module Structure

Activity                    Total Hours
Seminars (FT)               24.00
Assessment (FT)             15.00
Independent Learning (FT)   111.00

Assessment Methods

Component              Duration (hours)  Weighting (%)  Threshold  Description
Exam (Exams Office)    2.00              50.00          45%        Unseen written exam
Coursework 1           n/a               50.00          45%        Practical work