This course introduces the principles and best practices for incident response, along with an overview of digital forensics. Students learn the goals of incident response, how to prepare for and respond to information security incidents, and how to understand how an incident occurred. Students also learn the process of collecting and analyzing data and the process of remediation. The course outlines the investigative and analysis process, tools, digital evidence, and applicable law, with a focus on computer, mobile, network, and database forensics.
Upon completion of the course, students are expected to be able to do the following:
- Implement the basics of evidence collection and documentation, reporting, investigative techniques, digital forensics tools, and procedures.
- Interpret the requirements for each investigation type (administrative, criminal, civil, regulatory, and industry standards) and the associated costs.
- Identify the implications of data location in responding to security incidents.
- Conduct incident management through all stages of a breach with knowledge of detection, response, mitigation, reporting, recovery, and remediation.
- Adjust preventative measures in response to security incidents.
- Implement recovery strategies such as backup, recovery sites, multiple processing sites, and system resilience via high availability, Quality of Service (QoS), and fault tolerance.
- Develop incident reports and analysis presentations.