CNIT 152: Incident Response
Fall 2020 Sam Bowne
78482 501 Mon 6:10 - 9 pm

Textbook
Incident Response & Computer Forensics, Third Edition by Jason Luttgens, Matthew Pepe, and Kevin Mandia

Catalog Description
When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This class is part of the Advanced Cybersecurity Certificate.

Quizzes
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Discussion Board
Each CCSF student must contribute to the Discussion Board in Canvas. The schedule lists the dates when Discussion assignments are due.

For questions, please send a message inside Canvas or email cnit.152sam@gmail.com

Schedule | |
---|---|---
Mon 8-17 | | 1 Real-World Incidents
Mon 8-24 | Quizzes: Ch 1 & 2 *; Proj ED 200 due *; Discussion 1 * | 2 IR Management Handbook
Mon 8-31 | Quiz: Ch 3 *; Proj IR 201 & IR 202 due *; Discussion 2 * | 3 Pre-Incident Preparation; Splunk BoTS Demonstration
Fri 9-4 | Last Day to Add |
Mon 9-7 | Holiday: No Class |
Mon 9-14 | Quiz: Ch 4-5; Proj IR 308 & H 221 due; Discussion 3 | 4 Getting the Investigation Started on the Right Foot; 5 Initial Development of Leads
Mon 9-21 | Quiz: Ch 6-7; Proj IR 301 & 330 due; Discussion 4 | 6 Discovering the Scope of the Incident; 7 Live Data Collection
Mon 9-28 | Quiz: Ch 8; Proj IR 304 & 305 due; Discussion 5 | 8 Forensic Duplication
Mon 10-5 | No Quiz due; Proj IR 306 & 307 due; Discussion 6 | Steven Booth CSO, FireEye
Mon 10-12 | Holiday: No Class |
Mon 10-19 | Quiz: Ch 9; Proj IR 350 due; Discussion 7 | 9 Network Evidence
Mon 10-26 | Quiz: Ch 10; Proj IR 351 due; Discussion 8 | 10 Enterprise Services
Mon 11-2 | Quiz: Ch 11; No Proj due; Discussion 9 | 11 Analysis Methodology
Mon 11-16 | Quiz: Ch 12 (Part 1); Proj ATT 1 and 2 due; Discussion 10 | 12 Investigating Windows Systems (Part 1)
Mon 11-23 | Quiz: Ch 12 (Part 2); Proj ATT 3, 4, & 5 due; Discussion 11 | 12 Investigating Windows Systems (Part 2)
Mon 11-30 | Quiz: Ch 12 (Part 3); ATT 6 & 7 due; Discussion 12 | 12 Investigating Windows Systems (Part 3)
Fri 12-11 - Fri 12-18 | Final Exam available online throughout the week. You can only take it once. |

All quizzes due 30 min. before class
\* No late penalty until 9-8

Lectures | |
---|---|
Grading Policy (pdf)
Syllabus (pdf)
1 Real-World Incidents · KEY (Updated 8-17-20)

Note: the Slideshare lectures are for CNIT 152 even if they start with a page saying "CNIT 121".