This module covers the disk-level architecture of operating systems such as Windows and Linux. Students study how operating systems store system and user data, and so gain an understanding of what information can be recovered from such systems. This includes user files as well as traces of user activity: login session data, browsing history, changes made to the operating system, and interaction with a range of operating system tools. That understanding is developed through theory and through practical exercises in extracting information from systems with a variety of open-source and commercial forensic analysis tools, and in documenting the results according to consistent and thorough evidential procedures. Topics include the production of event timelines and the analysis of system logs, operating system state, file systems, and application data. The module also considers the ethical and professional issues related to digital forensics.
Incident Response and Malware Analysis
The aim of the module is to develop a deep understanding of advanced areas of security and live/network forensics, with a strong focus on virtualised environments, so that graduates can act professionally in incident response and in malware/threat analysis. An outline of the main areas includes:
• Threat Timelining. Network and host traces around key threats, such as DDoS, malware infection and data loss.
• Host Investigation. Evidence gathering on Windows, Linux, Android and Mac OS.
• System Architectures, Services and Devices. Networked infrastructures (Servers/Firewall/IDS/ Syslog).
• Network Protocol Analysis. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces.
• Log Capture/Analysis and Time-lining. Creating large-scale data infrastructure and analysis methods such as Big Data, SIEM and cross-log analysis.
• Malware Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis and Sandboxed Analysis.
• Malware Analysis. Encoding methods, static/dynamic analysis, disassembly, obfuscation and behaviour analysis.
• Advanced Malware Analysis. Anti-disassembly, anti-debugging, packers and unpackers, malware launching, malware signatures, and shell code analysis.
• Data Hiding. Data hiding methods, tunnelling, and disk encryption.
• Current Related Research.
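The "Threat Timelining" and "Log Capture/Analysis and Time-lining" topics above come down to one recurring practical problem: logs from different sources carry timestamps in different formats and time zones, and nothing can be correlated until every event is on a single UTC clock. The example below is an added illustration for this page, not course material or code from the module. It merges a constructed sshd log (syslog format, no year, no zone; the host clock is assumed to be UTC+02:00) with a constructed web access log (its own +0000 offset) into one ordered timeline, then flags a failed-then-accepted login sequence from the same address. The sample lines, host names, addresses and the `SSH_LOG_TZ` assumption are all made up for the example.

```python
"""Cross-log timelining: normalise two log formats to UTC, merge them into one
ordered timeline, and flag a brute-force-then-success login pattern.
All log data here is constructed for the example; SSH_LOG_TZ is an assumption."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sshd lines in syslog format: no year, no zone, host-local time.
SSH_LOG = """\
Jun 14 09:15:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 14 09:15:04 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 14 09:15:09 web01 sshd[2203]: Accepted password for root from 203.0.113.7 port 51030 ssh2
"""
# Constructed web access lines in Common Log Format with an explicit offset.
ACCESS_LOG = """\
203.0.113.7 - - [14/Jun/2023:07:14:30 +0000] "GET /wp-login.php HTTP/1.1" 200 1523
198.51.100.20 - - [14/Jun/2023:07:16:00 +0000] "GET /index.html HTTP/1.1" 200 512
"""
SSH_LOG_YEAR = 2023                          # syslog omits the year; supplied by the analyst
SSH_LOG_TZ = timezone(timedelta(hours=2))    # assumption: web01's clock runs at UTC+02:00

SSH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_ssh(text):
    """Parse sshd auth lines; attach year and zone, then convert to UTC."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        local = datetime.strptime(f"{SSH_LOG_YEAR} {m['ts']}",
                                  "%Y %b %d %H:%M:%S").replace(tzinfo=SSH_LOG_TZ)
        events.append({"ts": local.astimezone(timezone.utc), "src": "sshd",
                       "ip": m["ip"], "event": f"ssh {m['result'].lower()} {m['user']}"})
    return events


def parse_access(text):
    """Parse CLF access lines; the %z offset makes the datetime zone-aware."""
    events = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        events.append({"ts": ts, "src": "httpd", "ip": m["ip"],
                       "event": f"{m['req']} -> {m['status']}"})
    return events


def build_timeline(ssh_text=SSH_LOG, access_text=ACCESS_LOG):
    """Merge both sources into one list ordered by UTC timestamp."""
    return sorted(parse_ssh(ssh_text) + parse_access(access_text), key=lambda e: e["ts"])


def format_timeline(events):
    """Render one fixed-width line per event for a report appendix."""
    return [f"{e['ts'].strftime('%Y-%m-%dT%H:%M:%SZ')}  {e['src']:<5}  {e['ip']:<15}  {e['event']}"
            for e in events]


def detect_bruteforce_success(events, window=timedelta(seconds=60), min_failures=2):
    """Flag an accepted SSH login preceded, within `window`, by at least
    `min_failures` failed logins from the same source IP. Relies on the events
    already being on one UTC clock; with the raw local timestamps the web hit
    would have sorted two hours away from the logins."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["src"] != "sshd" or not ev["event"].startswith("ssh accepted"):
            continue
        fails = [e for e in events[:i]
                 if e["src"] == "sshd" and e["ip"] == ev["ip"]
                 and e["event"].startswith("ssh failed")
                 and ev["ts"] - e["ts"] <= window]
        if len(fails) >= min_failures:
            alerts.append({"ip": ev["ip"], "failures": len(fails), "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    timeline = build_timeline()
    print("\n".join(format_timeline(timeline)))
    for a in detect_bruteforce_success(timeline):
        print(f"ALERT {a['at'].isoformat()} {a['ip']}: {a['failures']} failures then success")
```

Once normalised, the web request to /wp-login.php from 203.0.113.7 lands 31 seconds before the first SSH failure from the same address, which is the kind of cross-source sequence the module's timelining topic is about; if `SSH_LOG_TZ` were left at UTC, the two sources would appear two hours apart and the correlation would be missed.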
The aim of the module is to develop a deep understanding of advanced areas of security and digital forensics, so that graduates can act professionally in the design, analysis, implementation, and reporting of network security strategies. An outline of the main areas includes:
• Introduction. Networking Concepts; Network Security Concepts; Network Threats and Attacks; Network Defence - Perimeter, Defence in Depth.
• Firewalls. Concepts; Types - Host, Network; Technologies - Static packet filtering; Stateful packet filtering; Multilayer firewall; Architectures; Policies; and Implementation and Deployment.
• Intrusion Detection and Prevention Systems (IDPS). Concepts; Types; Alert Monitoring and Sensor Tuning; behavioural analysis, in-line/out-of-line.
• Access Control and Authentication. Concepts: Trust and Identity; Attacks; Models - Access Control Models; Network Device Access Control; AAA, Layer 2; Device Hardening.
• Remote Access and VPNs. Concepts; Cryptography; Types - L2, L3 and L4/5; Technologies; IPSec and SSL.
• Wireless Security. Wireless Overview; Attacks; Encryption; Authentication.
• CCNA Certification - Concepts. CIA; Attacks on CIA; Data Classification; Law and Ethics; Network policies; Risk Management and Secure Network Design; Security in the SDLC; Cisco self-defending network; Secure Administration.
• CCNA Certification - Secure Infrastructure and Extending Security. Cisco Layer 2 Security; Cisco IOS Firewalls. Cisco IOS IPS; Cisco VPN and Cryptographic Solutions; Digital Signatures and PKI.
This module covers networking fundamentals such as data signalling principles, layer 2 addressing and media sharing. Internet technology, including IP addressing and the role of TCP, is covered, as is network planning. The implementation side covers router operation and configuration as well as broadcast domains, switches and VLANs. Finally, the module covers the emerging areas of wireless and mobile networking.
The module is aligned with the Cisco Building Scalable Cisco Internetworks (BSCI) certification. Principal topics to be covered are therefore:
• OSI and TCP/IP communication models
• Advanced IP addressing
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Integrated IS-IS protocol
• Multicast routing algorithms and protocols
• Internet mobility protocols: Mobile IPv4, Mobile IPv6, and Network Mobility (NEMO)
• Network performance evaluation
• Medium Access Mechanisms (LANs): a wide range of mechanisms, with the main focus on LANs.
• VLANs and VLAN Trunking Protocol (VTP): VLANs are covered in terms of concept, benefits, types, configuration and communication between VLANs. In addition, trunking between VLANs is discussed in depth.
• Spanning Tree Protocol (STP): the concept and usefulness of STP are discussed in depth, and the network conditions that benefit from STP are analysed.
• Inter-VLAN Routing: the interaction between Layers 2 and 3 is the main focus here, including the routing process.
• Multilayer Switching (MS): the concept of MS and its components, in terms of both hardware and software requirements, are discussed in depth.
• Redundancy: the need for redundancy and the requirements for implementing it are discussed and analysed.
• IP Telephony, QoS and Transparent LAN Services: these topics are discussed in depth at both the system and application levels.