CNIT 152: Incident Response
Fall 2019 Sam Bowne
CRN 78482 501 Thu 6:10 - 9 pm
Textbook
Incident Response & Computer Forensics, Third Edition by Jason Luttgens, Matthew Pepe, and Kevin Mandia

Catalog Description
When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This class is part of the Advanced Cybersecurity Certificate.

Quizzes
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Live Streaming
Live stream will be at: https://zoom.us/j/4108472927
For class-related questions, please email cnit.152sam@gmail.com

Schedule

Date | Due | Topic
---|---|---
Thu 8-22 | | 1 Real-World Incidents
Thu 8-29 | Quizzes: Ch 1 * Proj ED 200 due * | Guests: Alex Levinson & Lucas Morris
Thu 9-5 | No Quiz due; Proj IR 201 due * | Guest: Alex Levinson: "Incident Response" Twitter: @alexlevinson
Fri 9-6 | | Last Day to Add
Thu 9-12 | Quiz: Ch 2; Proj IR 202 due * | 2 IR Management Handbook
Thu 9-19 | Quiz: Ch 3; Proj ED 300 due | 3 Pre-Incident Preparation
Thu 9-26 | Quiz: Ch 4-5; Proj IR 301 & 302 due | 4 Getting the Investigation Started on the Right Foot; 5 Initial Development of Leads
Thu 10-3 | Quiz: Ch 6-7; Proj IR 303 due | 6 Discovering the Scope of the Incident; 7 Live Data Collection
Thu 10-10 | Quiz: Ch 8 | 8 Forensic Duplication
Thu 10-17 | Quiz: Ch 9; Proj IR 304 & 305 due | 9 Network Evidence
Thu 10-24 | Quiz: Ch 10; Proj IR 306 due | 10 Enterprise Services
Thu 10-31 | Quiz: Ch 11; No Proj due | 11 Analysis Methodology
Thu 11-7 | Quiz: Ch 12 (Part 1); Proj IR 310 & IR 311 due | 12 Investigating Windows Systems (Part 1)
Thu 11-14 | Quiz: Ch 12 (Part 2); Proj IR 320 due | 12 Investigating Windows Systems (Part 2)
Thu 11-21 | Quiz: Ch 12 (Part 3); Proj IR 307 due | 12 Investigating Windows Systems (Part 3)
Thu 11-28 | | Holiday: No Class
Thu 12-5 | No Quiz due; Proj IR 308 due | 12 Investigating Windows Systems (Part 4)
Thu 12-12 | Quiz Ch 13 (Extra Credit) All Extra Credit due | Last Class: No Lecture, Open Lab
Thu 12-13 - Thu 12-20 | | Final Exam available online throughout the week. You can only take it once.

All quizzes due 30 min. before class
* No late penalty until 9-19

Lectures | |
---|---|
Grading Policy (pdf)
Syllabus (pdf)
1 Real-World Incidents · KEY

Note: the Slideshare lectures are for CNIT 152 even if they start with a page saying "CNIT 121".