| Code |
18003
|
| Year |
1
|
| Semester |
S2
|
| ECTS Credits |
6
|
| Workload |
PL(30H)/T(30H)
|
| Scientific area |
Informatics
|
|
Entry requirements |
N/A
|
|
Learning outcomes |
The course unit aims to study and analyze the processes involved in the planning, execution, and reporting of audits to information systems, as well as procedures for evidence collection, tracing, recovery, and data analysis in a digital forensics context. Students are expected to understand the strategies, requirements, and procedures associated with audits and forensic analysis, including the applicable standards, legislation, and ethical considerations. In terms of competencies, students should be able to: design, implement, and conduct audits of information systems, covering network, software, and vulnerability analysis aspects; analyze malware through static code analysis and behavioral analysis in a sandbox environment; understand incident response procedures; understand methodologies and best practices for digital evidence collection and forensic analysis; and be familiar with information-hiding techniques and steganography methods.
|
|
Syllabus |
1.Audit process, ethics, legislation, and regulation
2.Network auditing
3.Vulnerability analysis
4.Software auditing
5.Collection of artifacts, files, and metadata
6.Malware analysis and sandboxing
7.Incident response and reporting
8.Digital evidence and data acquisition
9.Reconstruction of timelines, actions, and hidden information
10.Information-hiding and steganography techniques
|
|
Main Bibliography |
IT Auditing Using Controls to Protect Information Assets, Mike Kegerreis,Mike Schiller, Chris Davis. McGraw Hill editors, 3rd edition,2019.
Digital Forensics and Incident Response: Incident response Techniques and Procedures to Respond to Modern Cyber Threats,Gerard Johansen, Packt, 2nd edition,2020.
Ethical Hacking and Penetration Testing Guide, Rafay Baloch, Taylor & Francis, 1stedition, 2017.
NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, National Institute of Standards and Technology, 2008
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities, Mark Dowd, John McDonald, Justin Schuh, Addison-Wesley Professional, 1 edition, pp. 1200, 2006.
Segurança em Redes Informáticas, André Zúquete, FCA -Editora de Informática, 6ª Ed. (actualizada e aumentada), 2021.
|
|
Language |
Portuguese. Tutorial support is available in English.
|