Core Module Information
Module title: Incident Response and Malware Analysis

SCQF level: 11
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN11129
Module leader: Thomas Tan
School: School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering
Prerequisites

None

Description of module content:

The aim of the module is to develop a deep understanding of advanced areas of security and live/network forensics, with a strong focus on virtualised and cloud-based environments, so that graduates can act professionally in incident response and in malware/threat analysis. The main areas covered are:
• Threat Analysis. In-depth analysis of a range of current threats, such as DDoS, botnets and trojans.
• System Architectures, Services and Devices. Networked infrastructures (servers, firewalls, IDS, syslog).
• Network Forensics. Advanced network protocol analysis, advanced trace analysis, IDS signature detection, and network traces of security threats.
• Live Forensics. Code analysis, host/network analysis, reverse engineering, mobile and x86 architecture, machine code analysis, vulnerability analysis, and sandboxed analysis.
• Log Capture/Analysis and Time-lining. Building large-scale log collection infrastructure and applying analysis methods such as big data pipelines, SIEM and cross-log correlation (for example in Splunk).
• Malware Analysis. Static and dynamic analysis, disassembly, obfuscation, behaviour analysis, and encoding methods.
• Data Hiding and Data Loss Detection/Prevention. Data hiding methods, detection methods, tunnelling, and disk encryption.
• Host Investigation Evidence Gathering: Windows, Linux, Android and macOS.
• Current Related Research.

Learning Outcomes for module:

Upon completion of this module, you will be able to:
LO1: Develop an advanced knowledge of key security/digital forensic principles and methods related to incident response and malware analysis.
LO2: Develop analytical skills related to the key academic principles and practical skills required to understand data hiding/loss within a virtualised networked infrastructure.
LO3: Research, design, implement, evaluate and critically analyse an advanced system to a given set of security and/or digital forensic requirements, with a focus on virtualised environments.

Full Details of Teaching and Assessment
2023/4, Trimester 2, Blended, Edinburgh Napier University
Occurrence: 002
Primary mode of delivery: Blended
Location of delivery: MERCHISTON
Partner: Edinburgh Napier University
Member of staff responsible for delivering module: Thomas Tan

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Lecture | 24
Face To Face | Practical classes and workshops | 24
Independent Learning | Guided independent study | 152
Total Study Hours | 200
Expected Total Study Hours for Module | 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length (Hours / Words)
Centrally Time Tabled Examination | 25 | 1, 2 | 8 | 1 hour / 0 words
Centrally Time Tabled Examination | 25 | 1, 2 | 13 | 1 hour / 0 words
Project - Practical | 50 | 3 | 15 | 16 hours / 0 words
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader