Incident Response (IR) and Corporate Forensics (CF) deal with detective aspects of computer security within an enterprise context. IR goals include answering the questions: What happened? How did it happen? And who is responsible? CF goals include learning appropriate methodologies for the collection, preservation, analysis and presentation of evidence. Professional incident response frameworks and related constructs are also presented.
The course emphasizes the planning and monitoring necessary for the successful detection and isolation of, and response to, security incidents. It examines these issues from administrative, operational and technical perspectives. Significant issues include the creation and implementation of incident response teams. It also examines the monitoring and reporting aspects of enterprise security policy.
Lectures are augmented with active learning activities. These include "hands-on" activities focusing on drive forensics, file integrity, network monitoring, security tool kits and related issues.