Apr 19, 2024  
2021 - 2022 Catalog 
    
Catalog Navigation
  Catalog Home

  Programs by Division
  Programs A-Z
  Course Descriptions

  Welcome
  Students Rights and Responsibilities
  Enrollment
  Transfer, Validation, and Program Overview
  Academic Policies and Information
  Course Information and Prerequisites
  References
  Search for Classes
  Credit Hour Application Definition
  My Portfolio
HELP
2021 - 2022 Catalog [ARCHIVED CATALOG]

Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)

CST 250W - Incident Response and Disaster Recovery

Credits: 3
Instructional Contact Hours: 3
Includes implementing a plan to detect intruders, determine the damage caused, and discuss what precautions to use to avoid disasters and to recover from them when they do occur. Credit may be earned in CST 154W or CST 250W, but not both.

Prerequisite(s): CST 152   and CST 153  
Corequisite(s): None
Lecture Hours: 15 Lab Hours: 30
Meets MTA Requirement: None
Pass/NoCredit: Yes

Outcomes and Objectives
  1. Explain the Incident Response Life Cycle.
    1. Identify the goals of incident response.
    2. Describe the Preparation phase.
    3. Describe Detection and Analysis phase.
    4. Describe Containment, Eradication and Recovery phase.
    5. Describe Post-Incident Activity phase.
  2. Explain preparation for an incident.
    1. Explain the initial response phase.
    2. Identify tools for obtaining volatile information.
    3. Identify tools for obtaining non-volatile information.
    4. Discuss formulating a response strategy.
    5. Identify key members of an Incident Response Team.
    6. Describe computer system storage fundamentals.
  3. Explain detection and analysis.
    1. Perform live data collection.
    2. Analyze network traffic.
    3. Investigate Windows systems.
    4. Investigate Unix/Linux systems
    5. Apply data analysis techniques.
    6. Collect network based evidence.
  4. Explain containment, eradication and recovery.
    1. Discuss performing an in-depth live response.
    2. Discuss whether a forensic duplication is necessary.
    3. Discuss evidence handling.
    4. Discuss prioritizing systems for recovery.
    5. Discuss procedures for responding to attacks on computers.
  5. Explain post incident phase.
    1. Explain traditional investigative steps.
    2. Summarize how to conduct a post incentive interview.
    3. Review forensic report writing guidelines.
    4. Identify future disaster recovery procedures as needed.
    5. Assess the value and effectiveness of mitigation steps.


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)