CNIT 152: Incident Response
Summer 2018
Sam Bowne
Textbook
Incident Response & Computer Forensics, Third Edition, by Jason Luttgens, Matthew Pepe, and Kevin Mandia
Publisher: McGraw-Hill Education; 3 edition (August 1, 2014)
Sold by: Amazon Digital Services, LLC
ASIN: B00JFG7152
Kindle edition: $36, Paper edition: $16 (prices I saw on 4-10-16 at Amazon)
Buy from Amazon ($15 - $40)
Catalog Description
When computer networks are breached, incident response (IR) is required to assess the damage, eject the attackers, and improve security measures so they cannot return. This class covers the IR tools and techniques required to defend modern corporate networks. This class is part of the Advanced Cybersecurity Certificate.
Lectures
1 Real-World Incidents · KEY · PDF
2 IR Management Handbook · KEY · PDF
6 Discovering the Scope of the Incident & 7 Live Data Collection · KEY · PDF
8 Forensic Duplication · KEY · PDF
Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert.
Additional Lectures
Policy
Student Agreement
3 Pre-Incident Preparation · KEY · PDF
4 Getting the Investigation Started on the Right Foot & 5 Initial Development of Leads · KEY · PDF
9 Network Evidence · KEY · PDF
10 Enterprise Services · KEY · PDF
11 Analysis Methodology · KEY · PDF
12 Investigating Windows Systems (Part 1 of 3) · KEY · PDF
12 Investigating Windows Systems (Part 2 of 3) · KEY · PDF
12 Investigating Windows Systems (Part 3 of 3) · KEY · PDF
13 Investigating Mac OS X Systems · KEY · PDF
14 Investigating Applications · KEY · PDF
16 Report Writing · KEY · PDF
17 Remediation Introduction (Part 1) · KEY · PDF
18 Remediation Case Study
Additional Projects
Downloading the Old Virtual Machines
Project 5: Prefetch (10 pts.)
How to Increase the VMWare Boot Screen Delay

Extra Credit Projects
Project X2: Static Image (15 pts. extra credit)
Proj X2 Evidence File
Project X3: National Software Reference Library (10 pts.) (Updated 11-16-16)
Project X4: Acquiring an iPad image with iTunes (15 pts.) (rev. 5-6-15)
Project X5: Sleuthkit and Autopsy (15 pts. extra credit) (rev. 10-13-16)
Project X6: Analyzing an iTunes Backup with Magnet Forensics' Internet Evidence Finder (15 pts.) (rev. 11-29-16)
Project X7: Procdump (10 pts.)
Project X8: Thumbcache (10 pts.)
Links

Links for Chapter Lectures
Ch 1a: Deconstructing a Credit Card's Data
Ch 1b: Mitigating Fraud Risk Through Card Data Verification
Ch 1c: What data is stored on a payment card's magnetic stripe?
Ch 3a: Free Email Certificate | Secure SSL Certificate from Comodo
Ch 5a: Report Crimes Against Children | Department of Justice
Ch 7a: Redline User Guide
Ch 8a: Host protected area - Wikipedia
Ch 9a: Basic Snort Rules Syntax and Usage
Ch 10a: Analyze Microsoft DHCP Server Log Files
Ch 11i: Filesystem Timestamps: What Makes Them Tick?

Other Links
Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X
ProcDump
SecureZeroMemory function (Windows)
Under My Thumbs -- Revisiting Windows thumbnail databases
Using Mandiant Redline to discover Meterpreter process injection - YouTube
Elcomsoft Advanced mobile forensics: iOS (iPhone and iPad), Windows Phone and BlackBerry 10
Aid4Mail Now (Free Trial)

New Unsorted Links
osquery | Easily ask questions about your Linux, Windows, and macOS infrastructure
GitHub - Yelp/osxcollector: A forensic evidence collection & analysis toolkit for OS X
OS X Incident Response: Scripting and Analysis -- RECOMMENDED
GitHub - google/grr: GRR Rapid Response: remote live forensics for incident response
KnockKnock shows you what's persistently installed on your Mac! -- RECOMMENDED
GitHub - Yelp/amira: AMIRA: Automated Malware Incident Response & Analysis
Cyphort: Anti-SIEM reduces SIEM cost, noise, complexity, and wasted time
Collect NTFS forensic information with osquery
Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk)
Kit Hunter, a phishing kit detection script -- USEFUL FOR PROJECTS
Log-MD Tool Free Version
Threat Hunting Workshop -- USE FOR PROJECTS
ATT&CK Matrix - ATT&CK for Enterprise
GitHub - redcanaryco/atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK
Log Management & Security Analytics, Continuous Intelligence: Sumo Logic
Rekall Forensics
Public PCAP files for download
Automated Malware Analysis - Joe Sandbox
Free Automated Malware Analysis Sandboxes and Services
Free Automated Malware Analysis Service - powered by Falcon Sandbox
Try AlienVault USM for Free
Ch 9h: Snort rule for fake SSL certificate
7 Sumo Logic Competitors in Cloud-Based Log Management and Anomaly Detection
Ch 12a: Shim Cache Parser Slides
Ch 13a: Apple File System - Wikipedia
Ch 13b: The MacPorts Project -- Download & Installation
Ch 13c: macos - OS X 10.9: where are password hashes stored - Ask Different
Ch 13d: macos - What type of hash are a Mac's password stored in? - Ask Different
Ch 13e: How to crack macbook admin password
Ch 13f: How to Convert plist Files to XML or Binary in Mac OS X
Ch 13g: Collecting password hashes from Mac OS Mojave
CAPE Sandbox -- ADD TO PROJECTS
Security Analyst Workshop -- VERY GOOD TOOLS
Splunk Cheat Sheet
Available Artifacts on Windows Versions - Evidence of Execution
NIST SPECIAL PUBLICATION 1800-26: Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
Awesome-incident-response: A curated list of tools for incident response
2020-10-15: Recommended Mandiant and FireEye Blogs
Malware_Reverse_Engineering_Handbook.pdf
Splunking with Sysmon Series Part 1: The Setup | Hurricane Labs
Splunking with Sysmon
Ch 7f: Comparison of Acquisition Software for Digital Forensics Purposes
Ch 12k: A simple way to access Shadow Copies in Vista | Microsoft Docs
Plaso: Super timeline all the things
Timesketch: Collaborative forensic timeline analysis
ydkhatri/mac_apt: macOS (and iOS) Artifact Parsing Tool
Free Training Courses | Splunk
Blue Team Labs Online -- EXTRA CREDIT