CST 250W - Incident Response and Disaster Recovery
Credits: 3
Includes implementing a plan to detect intruders, determine the damage caused, and discuss what precautions to use to avoid disasters and to recover from them when they do occur. Credit may be earned in CST 154W or CST 250W, but not both.
Prerequisite(s): CST 152 and CST 153
Corequisite(s): None
Lecture Hours: 15
Lab Hours: 30
Meets MTA Requirement: None
Pass/NoCredit: Yes
Outcomes and Objectives
1. Explain the Incident Response Life Cycle.
A. Identify the goals of incident response.
B. Describe the Preparation phase.
C. Describe the Detection and Analysis phase.
D. Describe the Containment, Eradication and Recovery phase.
E. Describe the Post-Incident Activity phase.
2. Explain preparation for an incident.
A. Explain the initial response phase.
B. Identify tools for obtaining volatile information.
C. Identify tools for obtaining non-volatile information.
D. Discuss formulating a response strategy.
E. Identify key members of an Incident Response Team.
F. Describe computer system storage fundamentals.
3. Explain detection and analysis.
A. Perform live data collection.
B. Analyze network traffic.
C. Investigate Windows systems.
D. Investigate Unix/Linux systems.
E. Apply data analysis techniques.
F. Collect network based evidence.
4. Explain containment, eradication and recovery.
A. Discuss performing an in-depth live response.
B. Discuss whether a forensic duplication is necessary.
C. Discuss evidence handling.
D. Discuss prioritizing systems for recovery.
E. Discuss procedures for responding to attacks on computers.
5. Explain the post-incident phase.
A. Explain traditional investigative steps.
B. Summarize how to conduct a post-incident interview.
C. Review forensic report writing guidelines.
D. Identify future disaster recovery procedures as needed.
E. Assess the value and effectiveness of mitigation steps.