Offered: Fall 2025 (current)
Incident response process (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned), network evidence acquisition, log aggregation and analysis, various log formats, Elastic Stack, Security Operations and Forensics ELK (SOF-ELK), NetFlow analysis, open-source flow analysis tools, network traffic analysis, Moloch – network forensics and analysis tool.
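As an added illustration of the NetFlow and flow-analysis topics listed above (example code written for this page, not course material), the script below triages a set of constructed flow records: it ranks sources by bytes sent and flags connection tuples whose inter-flow intervals are nearly constant, a common hunting heuristic for beacon-like traffic. The record layout, the threshold values and the sample flows are all assumptions made for the example.

```python
"""Flow-record triage: top talkers and periodic (beacon-like) connections.

Added example for the flow-analysis topics above; not course material.
The records below are constructed, not captured from a real network.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch seconds, src IP, dst IP, dst port, bytes)
FLOWS = [
    (1000, "10.0.0.5", "203.0.113.10", 443, 1200),
    (1060, "10.0.0.5", "203.0.113.10", 443, 1180),
    (1120, "10.0.0.5", "203.0.113.10", 443, 1210),
    (1181, "10.0.0.5", "203.0.113.10", 443, 1190),
    (1240, "10.0.0.5", "203.0.113.10", 443, 1205),
    (1005, "10.0.0.7", "198.51.100.20", 80, 50000),
    (1130, "10.0.0.7", "198.51.100.20", 80, 820000),
    (1500, "10.0.0.7", "198.51.100.21", 443, 3000),
    (1020, "10.0.0.9", "198.51.100.22", 22, 900),
]


def top_talkers(flows, n=3):
    """Total bytes per source IP, largest first (top n)."""
    totals = defaultdict(int)
    for _, src, _, _, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def beacon_candidates(flows, min_flows=4, max_cv=0.2):
    """Return (src, dst, port, mean_interval) for connection tuples whose
    inter-flow intervals are nearly constant.

    Regularity is measured as the coefficient of variation (stddev / mean)
    of the gaps between consecutive flows; tuples with fewer than
    min_flows records are skipped because the statistic is meaningless
    on one or two gaps. Thresholds are assumed values for the example.
    """
    by_tuple = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_tuple[(src, dst, port)].append(ts)

    found = []
    for key, times in by_tuple.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        cv = pstdev(gaps) / m if m else float("inf")
        if cv <= max_cv:
            found.append((*key, round(m, 1)))
    return found


if __name__ == "__main__":
    print("Top talkers (bytes sent):")
    for src, total in top_talkers(FLOWS):
        print(f"  {src:<12} {total}")
    print("Beacon-like tuples (src, dst, port, mean gap s):")
    for row in beacon_candidates(FLOWS):
        print(" ", row)
```

The byte ranking answers "who moved the most data?" and the regularity check answers "who talks to the same place on a timer?"; in a real investigation both would be run over exported flow data from a collector rather than an inline list, and the thresholds tuned to the environment's normal polling traffic.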
The core objectives of this course are to:

- Integrate threat intelligence (TI) into all phases of the incident response (IR) lifecycle.
- Analyze network evidence (logs, NetFlow, packet captures) using tools like Elastic Stack, Moloch, and SOF-ELK.
- Apply frameworks (MITRE ATT&CK, Cyber Kill Chain) to model adversary behavior and refine detection strategies.
- Develop technical skills for threat hunting, forensic investigations, and real-time incident triage.
- Foster independent research capabilities in cyber threat intelligence and incident handling, preparing students for leadership roles in cybersecurity.
| # | Description | Weight |
|---|---|---|
| 1 | To Be Added | |