Incident Response and Computer Forensics

Incident Response and Computer Forensics deal with the detective aspects of computer security. Primary incident response goals include answering the questions: What happened? How did it happen? Who is responsible? Other goals include gathering and preserving evidence in a manner suitable for presentation in court. Specific procedures required to respond appropriately to a security incident are also presented.

The course focuses on detection, isolation and response to security incidents. Security incidents may involve crimes in which a computer is the object of the crime, or they may involve computer misuse. Significant class topics include both the preservation of evidence and the successful return of the computer system to routine operation.

Class activities are augmented with laboratory activities. Laboratory activities concentrate on four areas: hard drive and network forensics, document integrity (hashing), password auditing (cracking), and system integrity.
