Course Code | Course Title | Lectures | Tutorials | Practicals | Credits | Course Planner
INT250 | DIGITAL EVIDENCE ANALYSIS | 2 | 0 | 2 | 3 | 27728::Chavi Kapoor
Course Weightage ATT: 5 CA: 25 MTT: 20 ETT: 50
Course Outcomes: Through this course students should be able to
CO1 :: describe the fundamentals of incident response handling process.
CO2 :: discuss the methodology of detecting an incident and responding to it in case of a security breach.
CO3 :: examine the process of live data collection and forensic duplication during forensic investigations.
CO4 :: outline the network and host-based evidence collection during the evidence handling process.
CO5 :: classify various data analysis techniques for network and system evidence data.
CO6 :: evaluate the process of extracting critical data from Windows systems and routers.
TextBooks ( T )
Sr No | Title | Author | Publisher Name
T-1 | DIGITAL FORENSICS AND INCIDENT RESPONSE | GERARD JOHANSEN | PACKT PUBLISHING
Reference Books ( R )
Sr No | Title | Author | Publisher Name
R-1 | INCIDENT RESPONSE & COMPUTER FORENSICS | JASON LUTTGENS, MATTHEW PEPE AND KEVIN MANDIA | Mc Graw Hill Education
Relevant Websites ( RW )
Sr No (Web address) (only if relevant to the course) Salient Features
RW-1 http://searchsecurity.techtarget.com/definition/incident-response Incident response
Audio Visual Aids ( AV )
Sr No (AV aids) (only if relevant to the course) Salient Features
AV-1 https://www.youtube.com/watch?v=PhROeWMPBqU Incident response plan
AV-2 https://www.youtube.com/watch?v=VTOoKBJX1Gs Basics of incident response
AV-3 https://www.youtube.com/watch?v=C-0JD1Fwk7U Advanced incident response and threat hunting
An instruction plan is only a tentative plan. The teacher may make some changes in his/her teaching plan. The students are advised to use syllabus for preparation of all examinations. The students are expected to keep themselves
AV-4 https://www.youtube.com/watch?v=Xw536W7kbDQ Event log analysis
AV-5 https://www.youtube.com/watch?v=wsgvY_jlQuk Live data collection
AV-6 https://www.youtube.com/watch?v=fEip9gl2MTA Live forensics and memory analysis
AV-7 https://www.youtube.com/watch?v=F3iZeKC1ePg Forensic duplication
AV-8 https://www.youtube.com/watch?v=yGcSIZGakRM Forensic duplication extended
AV-9 https://www.youtube.com/watch?v=A1ueA1GDb9g Network evidence
AV-10 https://www.youtube.com/watch?v=2srNhY29k1s Evidence analysis and handling
AV-11 https://www.youtube.com/watch?v=HDKXQaFVdDo Investigating windows systems
AV-12 https://www.youtube.com/watch?v=a4dwypa12c4 Forensic report writing
LTP week distribution: (LTP Weeks)
Weeks before MTE 7
Weeks After MTE 7
Spill Over (Lecture) 4
Detailed Plan For Lectures
Week Number | Lecture Number | Broad Topic (Sub Topic) | Chapters/Sections of Text/reference books | Other Readings, Relevant Websites, Audio Visual Aids, software and Virtual Labs | Lecture Description | Learning Outcomes | Pedagogical Tool Demonstration / Case Study / Images / animation / ppt etc. Planned | Live Examples
Week 1 | Lecture 1 | Introduction to Incident Response (What is computer security incident?) | R-1 | AV-2 | L0: Introductory lecture to the course, WHAT IS A COMPUTER SECURITY INCIDENT?, WHAT ARE THE GOALS OF INCIDENT RESPONSE?, WHO IS INVOLVED IN THE INCIDENT RESPONSE PROCESS? | Student shall learn the basics of incident Response | Discussion |
Week 1 | Lecture 1 | Introduction to Incident Response (What are goals of incident response?) | R-1 | AV-2 | L0: Introductory lecture to the course, WHAT IS A COMPUTER SECURITY INCIDENT?, WHAT ARE THE GOALS OF INCIDENT RESPONSE?, WHO IS INVOLVED IN THE INCIDENT RESPONSE PROCESS? | Student shall learn the basics of incident Response | Discussion |
 | | Introduction to Incident Response (Who is involved in incident response process?) | R-1 | AV-2 | L0: Introductory lecture to the course, WHAT IS A COMPUTER SECURITY INCIDENT?, WHAT ARE THE GOALS OF INCIDENT RESPONSE?, WHO IS INVOLVED IN THE INCIDENT RESPONSE PROCESS? | Student shall learn the basics of incident Response | Discussion |
 | | Introduction to Incident Response (Incident response methodology) | R-1 | RW-1 | Pre-Incident Preparation, Detection of Incidents, Initial Response, | Student shall understand the methodology of incident response | Discussion |
 | Lecture 2 | Introduction to Incident Response (Formulate a response strategy) | R-1 | RW-1 | Considering the Totality of the Circumstances, Considering Appropriate Responses, Taking Action | Student shall understand the methodology of incident response | Discussion, Case Study |
 | | Introduction to Incident Response (Investigate the incident) | R-1 | RW-1 | Data Collection, Forensic Analysis, Reporting, Resolution | Student shall understand the methodology of incident response | Discussion, Case Study |
 | | Introduction to Incident Response (Reporting) | R-1 | RW-1 | Data Collection, Forensic Analysis, Reporting, Resolution | Student shall understand the methodology of incident response | Discussion, Case Study |
 | | Introduction to Incident Response (Resolution) | R-1 | RW-1 | Data Collection, Forensic Analysis, Reporting, Resolution | Student shall understand the methodology of incident response | Discussion, Case Study |