Core Module Information
Module title: Incident Response and Malware Analysis

SCQF level: 10
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN10709
Module leader: Thomas Tan
School: School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering
Prerequisites

Module Code: SET08701
Module Title: C++ Programming
Examples of Equivalent Learning: High-level programming language

Description of module content:

The aim of the module is to develop a deep understanding of advanced areas related to security and live/network forensics, with a strong focus on virtualised environments that will allow graduates to act professionally within incident response and in malware/threat analysis. An outline of the main areas includes:
• Threat Timelining. This involves network and host traces around key threats, such as DDoS, malware infection and data loss.
• Host Investigation Evidence Gathering: Windows, Linux, Android and Mac OS.
• System Architectures, Services and Devices. Networked infrastructures (Servers/Firewall/IDS/Syslog).
• Network Protocol Analysis. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces.
• Log Capture/Analysis, and Time-lining. Creating large-scale data infrastructure and analysis methods such as Big Data, SIEM and cross-log analysis.
• Malware Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis and Sandboxed Analysis.
• Malware Analysis. Encoding methods. Static/Dynamic Analysis. Disassembly. Obfuscation. Behaviour Analysis.
• Advanced Malware Analysis. Anti-disassembly, anti-debugging, packers and unpackers, malware launching, malware signatures, and shell code analysis.
• Data Hiding. Data hiding methods, tunnelling, and disk encryption.
• Current Related Research.

Learning Outcomes for module:

LO1: Develop an advanced knowledge of key security/digital forensic principles and methods related to incident response and malware analysis.
LO2: Develop analytical skills related to the key academic principles and practical skills required to understand complex investigations using data from a range of sources, and make informed choices.
LO3: Research, design, implement, evaluate and critically analyse an advanced system to a given set of security and/or digital forensic requirements, with a focus on virtualised environments.

Full Details of Teaching and Assessment
2024/5, Trimester 2, Face-to-Face
Occurrence: 001
Primary mode of delivery: Face-to-Face
Location of delivery: UK PARTNER
Partner:
Member of staff responsible for delivering module: Thomas Tan
Module Organiser:


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours) | NESH Description
Face To Face | Tutorial | 18 | Contact Module Leader
Independent Learning | Guided independent study | 182 | Contact Module Leader
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words | Description
Centrally Time Tabled Examination | 25 | 1,2 | 2 | HOURS= 1, WORDS= 0 | Contact Module Leader
Centrally Time Tabled Examination | 25 | 1,2 | 4 | HOURS= 1, WORDS= 0 | Contact Module Leader
Report | 50 | 3 | 4 | HOURS= 16, WORDS= 0 | Contact Module Leader
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader