Cybercrime and Incident Response

Instructor(s): Dr. Dimitrios Baltatzis
Teaching Hours and Credit Allocation: 30 Hours, 6 Credits
Course Assessment: Exam & Coursework


Aims: The primary goal of incident response is to effectively remove a threat from the organization’s computing environment, while minimizing damages and restoring normal operations as quickly as possible. Common questions during an incident:

• What exactly happened? What is the damage and how did the attackers get in?

• Is the incident ongoing?

• What information was stolen or accessed or modified?

• What resources were affected by the incident?

• What are the notification and disclosure responsibilities?

• What steps should be performed to remediate the situation?

• What actions can be taken to secure the organization from similar incidents?

Learning Outcomes

  • Develop the students’ knowledge of the issues related to cyber crime
  • Understand the particular challenges that cybercrime places on various domains of application
  • Develop the students’ knowledge of the issues related to incident response
  • Define and describe the main phases of incident response
  • Evaluate incident data and indicators of compromise (IOC) to determine the correct responses to an incident
  • Identify different kinds of attacks methods to counter their effects
  • Describe the different phases of incident response – preparation, identification, containment, eradication, recovery, follow-up
  • Explain the principles of evidence collection and the chain of custody


• Cybercrime Overview

• Cybercrime cases

• OSINT Web investigation

• Legislation Cooperation

• IOCTA 2018

• Email Investigations

• Preparing for the Incident

• Evidence Gathering - Incident Response Tools

• Collecting memory

• Network Discovery