CNIT 152: Incident Response
Fall 2018 Sam Bowne

Textbook
Incident Response & Computer Forensics, Third Edition by Jason Luttgens, Matthew Pepe, and Kevin Mandia

Catalog Description
When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This class is part of the Advanced Cybersecurity Certificate.

Quizzes
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Live Streaming
Live stream at:

Kahoot and Zoom
The Kahoot competitions don't work well with the CCSF livestream, because it has a delay. For them, use Zoom:

For class-related questions, please email cnit.152sam@gmail.com
Schedule (may be revised)

Date | Due | Topic
---|---|---
Mon 8-20 | | 1 Real-World Incidents
Mon 8-27 | Quizzes: Ch 1 & 2 * | 2 IR Management Handbook
Mon 9-3 | Holiday: No Class |
Fri 9-7 | Last Day to Add |
Mon 9-10 | Quiz: Ch 3; Proj 1 & 2 due | 3 Pre-Incident Preparation
Mon 9-17 | Quiz: Ch 4-5; Proj 3 due | 4 Getting the Investigation Started on the Right Foot; 5 Initial Development of Leads
Mon 9-24 | Quiz: Ch 6-7; Proj 4 & 5 due | 6 Discovering the Scope of the Incident; 7 Live Data Collection
Mon 10-1 | Quiz: Ch 8; Proj 6 due | 8 Forensic Duplication
Mon 10-8 | Quiz: Ch 9; Proj 7 & 8 due | 9 Network Evidence
Mon 10-15 | Quiz: Ch 10; Proj 9 due | 10 Enterprise Services
Mon 10-22 | No Quiz; No Proj due |
Mon 10-29 | Quiz: Ch 11; Proj 10 & 11 due | 11 Analysis Methodology
Mon 11-5 | Quiz: Ch 12 (Part 1); Proj 12 due | 12 Investigating Windows Systems (Part 1)
Mon 11-12 | Holiday: No Class |
Mon 11-19 | No Class -- School Closed Due to Smoke |
Mon 11-26 | Quiz: Ch 12 (Part 2); Proj 13 & 14 due | 12 Investigating Windows Systems (Part 2)
Mon 12-3 | Quiz: Ch 12 (Part 3); Proj 15 due | 12 Investigating Windows Systems (Part 3)
Mon 12-10 | Quiz Ch 13 Available (Extra Credit); No Proj due | Last Class: 13 Investigating Mac OS X Systems
Thu 12-13 - Thu 12-20 | Final Exam available online throughout the week. You can only take it once. |

All quizzes due 30 min. before class
* No late penalty until after 9-10

Lectures

Grading Policy
1 Real-World Incidents · KEY
2 IR Management Handbook · KEY
3 Pre-Incident Preparation · KEY
4 Getting the Investigation Started on the Right Foot & 5 Initial Development of Leads · KEY
6 Discovering the Scope of the Incident & 7 Live Data Collection · KEY
8 Forensic Duplication · KEY
9 Network Evidence · KEY
10 Enterprise Services · KEY
11 Analysis Methodology · KEY
12 Investigating Windows Systems (Part 1 of 3) · KEY
12 Investigating Windows Systems (Part 2 of 3) · KEY
12 Investigating Windows Systems (Part 3 of 3) · KEY
13 Investigating Mac OS X Systems · KEY
14 Investigating Applications · KEY
16 Report Writing · KEY
17 Remediation Introduction (Part 1) · KEY
18 Remediation Case Study

Note: the Slideshare lectures are for CNIT 152 even if they start with a page saying "CNIT 121".