CNIT 152: Incident Response

Fall 2018 Sam Bowne


Textbook

Incident Response & Computer Forensics, Third Edition by Jason Luttgens, Matthew Pepe, and Kevin Mandia
Publisher: McGraw-Hill Education; 3rd edition (August 1, 2014)
Sold by: Amazon Digital Services, LLC
ASIN: B00JFG7152
Kindle edition: $36, Paper edition: $16 (prices I saw on 4-10-16 at Amazon)
Buy from Amazon ($15 - $40)

Catalog Description

When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This class is part of the Advanced Cybersecurity Certificate.

Schedule not ready yet

Lectures

Policy
Student Agreement
1 Real-World Incidents · KEY · PDF
2 IR Management Handbook · KEY · PDF
3 Pre-Incident Preparation · KEY · PDF
4 Getting the Investigation Started on the Right Foot & 5 Initial Development of Leads · KEY · PDF
6 Discovering the Scope of the Incident & 7 Live Data Collection · KEY · PDF
8 Forensic Duplication · KEY · PDF
9 Network Evidence · KEY · PDF
10 Enterprise Services · KEY · PDF
11 Analysis Methodology · KEY · PDF
12 Investigating Windows Systems (Part 1 of 3) · KEY · PDF
12 Investigating Windows Systems (Part 2 of 3) · KEY · PDF
12 Investigating Windows Systems (Part 3 of 3) · KEY · PDF
13 Investigating Mac OS X Systems · KEY · PDF
14 Investigating Applications · KEY · PDF
15 Malware Triage
16 Report Writing · KEY · PDF
17 Remediation Introduction (Part 1) · KEY · PDF
18 Remediation Case Study

Click a lecture name to see it on SlideShare.
If you want to use other formats, you may find this useful: Cloud Convert.

Projects (May Be Revised)

Downloading the Virtual Machines

Download VMware Player

Project 1: Using Virtual Machines (revised 8-16-16) (15 pts.)

How to Fix Kali 2 Repositories

Project 2: Capturing a RAM Image (written 1-7-2014) (15 pts.)
     memdump.7z (Use right-click, "Save As...")
Project 3: Analyzing a RAM Image with Bulk Extractor (written 1-7-2014) (15 pts.)
Project 4: Analyzing a RAM Image with Volatility (written 1-8-2014) (15 pts.)
Project 5: Prefetch (10 pts.)
Project 6: Recovering Deleted Photographs with PhotoRec (10 pts.)
     nps-2009-canon2-gen6.dd (Use right-click, "Save As...")
Project 7: Rebuilding an Image Header (10 pts.)
     badheader.jpg (Use right-click, "Save As...")
Project 8: NTFS Data Runs (25 pts.) (Rev. 10-5-16)
      FILE1.TXT       FILE2.TXT
Project 9: Fixing the Partition Table with TestDisk (20 pts.)
Project 10: Static Acquisition with DEFT (20 Points) (rev. 1-26-15)
      p10Evidence.zip
Project 11: Using EnCase (15 pts.)
Project 12: Introduction to FTK (15 pts.)
Project 13: Using FTK (25 pts.)
Project 14: Acquiring a Forensic Image of an Android Phone (25 pts.) (rev. 11-9-16)
Project 15: Live Response with Mandiant Redline (15 pts.)
Project 16: Data Carving with Foremost (15 Points)
Project 17: Capturing and Examining the Registry (30 pts.)
Project 18: Shadow Copies and CCleaner (20 pts.) (Rev. 11-22-16)

      How to Increase the VMWare Boot Screen Delay

Extra Credit Projects

Project X0: Essential Linux (15 pts. extra credit)

Project X1: Identifying File Types (Up to 25 points)      text.7z
Project X2: Static Image (15 pts. extra credit)      Proj X2 Evidence File
Project X3: National Software Reference Library (10 pts.) (Updated 11-16-16)
Project X4: Acquiring an iPad image with iTunes (15 pts.) (rev. 5-6-15)
Project X5: Sleuthkit and Autopsy (15 pts. extra credit) (rev. 10-13-16)
Project X6: Analyzing an iTunes Backup with Magnet Forensics' Internet Evidence Finder (15 pts.) (rev. 11-29-16)
Project X7: Procdump (10 pts.)
Project X8: Thumbcache (10 pts.)

Independent Projects (points vary)

Links


Last Updated: 9-8-17