Cybercrime and Incident Response
Instructor(s): Dr. Dimitrios Baltatzis
Teaching Hours and Credit Allocation: 30 Hours, 6 Credits
Course Assessment: Exam & Coursework
Aims: The primary goal of incident response is to effectively remove a threat from the organization’s computing environment, while minimizing damages and restoring normal operations as quickly as possible.
Common questions during an incident:
• What exactly happened? What is the damage and how did the attackers get in?
• Is the incident ongoing?
• What information was stolen or accessed or modified?
• What resources were affected by the incident?
• What are the notification and disclosure responsibilities?
• What steps should be performed to remediate the situation?
• What actions can be taken to secure the organization from similar incidents?
- Develop the students’ knowledge of the issues related to cybercrime
- Understand the particular challenges that cybercrime poses for various domains of application
- Develop the students’ knowledge of the issues related to incident response
- Define and describe the main phases of incident response
- Evaluate incident data and indicators of compromise (IOC) to determine the correct responses to an incident
- Identify different kinds of attack methods in order to counter their effects
- Describe the different phases of incident response – preparation, identification, containment, eradication, recovery, follow-up
- Explain the principles of evidence collection and the chain of custody
• Cybercrime Overview
• Cybercrime cases
• OSINT Web investigation
• Legislation Cooperation
• IOCTA 2018
• Email Investigations
• Preparing for the Incident
• Evidence Gathering - Incident Response Tools
• Collecting memory
• Network Discovery