CNIT 152: Incident Response

Spring 2024 Sam Bowne

35294 Sat 1:10 - 4:00 pm MUB 250

Textbook

Incident Response & Computer Forensics, Third Edition by Jason Luttgens, Matthew Pepe, and Kevin Mandia

Catalog Description

When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This class is part of the Advanced Cybersecurity Certificate.

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Discussion Board

Each CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignment due. For questions, please send a message inside Canvas or email cnit.152sam@gmail.com

Schedule

| Date | Due | Topics |
|---|---|---|
| Sat 1-20 | | 1 Real-World Incidents |
| Sat 1-27 | Quizzes: Ch 1 & 2 *; Proj Splunk 1 (20 pts of BoTS) due *; Discussion 1 * | 2 IR Management Handbook |
| Sat 2-3 | Quiz: Ch 3; Proj Splunk 2 (20 pts of BoTS) due; Discussion 2 | 3 Pre-Incident Preparation |
| Sat 2-10 | Quiz: Ch 4-5; Proj Splunk 3 (20 pts of BoTS) due; Discussion 3 | 4 Getting the Investigation Started on the Right Foot; 5 Initial Development of Leads |
| Sat 2-17 | | Holiday: No Class |
| Sat 2-24 | Quiz: Ch 6-7; Proj Splunk 4 (20 pts of BoTS) due; Discussion 4 | 6 Discovering the Scope of the Incident; 7 Live Data Collection (Part 1); Demos: ATT 1, ATT 2, BoTS Part 4 |
| Sat 3-2 | Quiz: Ch 8; Proj ATT 1 & 2 due; Discussion 5 | 7 Live Data Collection (Part 2); 8 Forensic Duplication; Demos: ATT 3-6 |
| Sat 3-9 | Quiz: Ch 9; Proj ATT 3 & 4 due; Discussion 6 | 9 Network Evidence; Demo: IR 371 |
| Sat 3-16 | Quiz: Ch 10; Proj ATT 5 & 6 due; Discussion 7 | 10 Enterprise Services; Demo: IR 372 |
| Sat 3-23 | Quiz: Ch 11; Proj IR 100 due; Discussion 8 | 11 Analysis Methodology; Demo: IR 373 |
| Sat 3-30 | | Demos: IR 301, 330, 303, 304 |
| Sat 4-6 | Quiz: Ch 12 (Part 1); Discussion 9 | 12 Investigating Windows Systems (Part 1) |
| Sat 4-13 | | Holiday: No Class |
| Sat 4-20 | Quiz: Ch 12 (Part 2); Proj IR 371 & 372 due; Discussion 10 | 12 Investigating Windows Systems (Part 2) |
| Sat 4-27 | Quiz: Ch 12 (Part 3); Proj IR 350 due; Discussion 11 | 12 Investigating Windows Systems (Part 3) |
| Sat 5-4 | | Class Cancelled for BSidesSF |
| Sat 5-11 | No Quiz; All Extra Credit Due | Last Class: No new material |
| Wed 5-15 through Wed 5-22 | | Final Exam available online throughout the week. You can only take it once. |

All quizzes due 30 min. before class

* No late penalty until 2-10