IY2S555 - Post Incident Analysis 01 Sep 2024 - 31 Aug 2029 | Version 1

Associated Module Information

Module Code: IY2S555
Module Title: Post Incident Analysis
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Computing and Mathematics
Faculty Sub Group: Cyber Security
Module Leader: Rachael Medhurst
Module Team: Beth Jenkins, Sharan Johnstone, Emma Derbi, Andrew Butcher, Madhu Khurana, Peter Eden, Richard Ward, Arun Kumar, Joshua Richards, Nisha Rawindaran
First Intended Intake: SEP 2024
Final Year of Intake: 2028
Date Closed:
Credit Value: 20
Credit Level: 5
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100385 - computer forensics
HECOS Code Weighting: 100

Document Version Information

Version 1
Valid From 01 Sep 2024
Valid To 31 Aug 2029

Module Aims

To evaluate, analyse and synthesise the capability to successfully perform digital forensic processes to assist in post-incident analysis.

Content Summary

Incident Response fundamentals
Threat Hunting
- Kill Chain
- Diamond Model
- Course of Action matrix


Memory Forensics
Log Data Analysis
Traffic Analysis
Timeline Analysis
Root Cause Analysis


Malware forensics:
- Malware Analysis
- Indicators of Compromise
- Yara Rules


Evidence Retention
Reporting
Intelligence Sharing

Learning and Teaching Methods

Activity Type Hours
Lecture 24
Tutorial 24
Independent Study 80
Directed Study 72
Total Hours Selected 200

Learning Outcomes

# Learning Outcome
LO1 To demonstrate and evaluate a systematic understanding of the principles and practices associated with post-incident analysis.
LO2 To critically discuss and analyse the issues associated with incident response.

Module Requisites

N/A

Assessment Criteria

Assessment Category Assessment Type Description Duration Word Count Weight (%) Best of? Pass Mark
Asynchronous Assessment Report 1 A written report that draws on knowledge and material from across a whole programme 0 2000 50 No 40
Asynchronous Assessment Practical Written Work 1 A write up of a piece of practical work that has been undertaken. 0 2000 50 No 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Report 1
Practical Written Work 1

Reading List

Johansen, Gerard (2020). Digital Forensics and Incident Response: Incident Response Techniques and Procedures to Respond to Modern Cyber Threats. Second Edition.

Anson, S (2020). Applied Incident Response. Indiana: Wiley.

Tanner, N. H. (2019). Cybersecurity: Blue Team Toolkit. Indiana: Wiley.

Kevin Mandia, Incident Response & Computer Forensics, McGraw-Hill Osborne, 3rd Edition, 2014.

Leighton Johnson, Computer Incident Response and Forensics Team Management, Syngress, 2014.

Don Murdoch, Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder, Create Space Independent Publishing Platform, 2nd Edition, 2014.

Darren O'Toole, Incident Management for I.T. Departments, Create Space Independent Publishing Platform, 2015.

Kiran Kumar Pabbathi, Guidance for Incident Management: According to ISO/IEC 20000 & 9001 Standards, Six Sigma and ITSM Best Practices, ServiceManagers.org, 2015.

Lee N. Vanden Heuvel, Donald K. Lorenzo and Walter E. Hanson, Root Cause Analysis Handbook: A Guide to Efficient and Effective Incident Management, Rothstein Publishing, 3rd Edition, 2008.

Endorf, Carl; Schultz, Eugene; Mellander, Jim; Intrusion Detection and Prevention, McGraw-Hill, USA, 2004.

Grance, T.;

Schultz, E.; R. Shumway; Incident Response: A Strategic Guide to Handling System and Network Security Breaches, New Riders, USA, 2002.