DPI906 Course Outline

Course Code: DPI906
Course Name: Malware Analysis and Response
Offered Date: Summer - 2019 | Other versions
Print Outline
Course Description:
This course covers the examination, analysis and recovery of compromised operating systems, and the identification, classification and analysis of different types of malware. Students learn standard procedures and methodologies used by incident response teams to recognize the presence and effects of malware on systems and organizations. They learn how to correlate multiple data sources to build a complete picture of the compromising incident, exploring the motivations of the perpetrators and the attack vectors used in the incident.
Credit Status: 1 credit in the IFS program.
Prerequisite: SPR600
Mode of Instruction: One hour interactive lecture per week, and three hours activity-based learning per week (four hours total)
Learning Outcomes:
  • Design a suitable incident response policy for a given system based on given organizational needs and requirements.
  • Implement effective incident response procedures on a compromised system
  • Identify and appropriately interact with stakeholders in a given incident response scenario
  • Identify, classify and analyze various types of malware.
  • Identify, classify and analyze malicious behaviour
  • Recognize a compromised system and collect volatile data from that system
  • Analyze the data collected from a compromised system, and synthesize a coherent picture of the compromising incident.
  • Recommend remediation procedures for a compromised system
Employability Skills:
Communicate clearly, concisely and correctly in the written, spoken and visual form that fulfils the purpose and meets the needs of the audience.|Apply a systematic approach to solve problems.|Use a variety of thinking skills to anticipate and solve problems.|Locate, select, organize, and document information using appropriate technology and information systems.|Analyze, evaluate, and apply relevant information from a variety of sources.|Manage the use of time and other resources to complete projects.|Take responsibility for one's own actions, decisions, and consequences.|
Topic Outline:
  • Introduction to Incident Response
    • What is Incident Response?
    • Types of incidents
    • Costs of incidents
    • Legal, ethical, and business requirements
    • Incident Response Organizations
  • Attack Vectors and Motivations
    • Determining How a System is Compromised
    • Determining Why a System is Compromised
  • The Incident Response Process
    • Incident Response Methodology
    • Incident Response Teams
    • Stakeholders
    • Vulnerabilities and Remedies
    • Report Writing
  • Setting up a Safe Lab Environment
    • Network Re-direction
    • Protecting Physical Hosts
  • Collecting Volatile Data
    • The Live Response Process
    • What to Collect
    • Nonvolatile Information
    • Live Response Methodologies
    • Live Response Data Analysis
  • Memory Analysis
    • Collecting Process Memory
    • Dumping Physical Memory
    • Analyzing a Physical Memory Dump
  • Registry Analysis
    • Overview of the Registry
    • Analyzing the Registry
  • File Analysis
    • Log Files
    • File Metadata
    • Alternative methods
    • Executable File Analysis
  • Malware Identification and Classification
    • Malware Signatures
    • Packers
    • Malware Capabilities
    • Malware Detection
    • Shellcode
    • Rootkits
  • Malware Analysis
    • Dynamic Analysis
    • Debugging Malware
    • De-Obfuscation
    • DLLs
    • Kernel Debugging
  • Case Studies
Prescribed Text(s):
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software [Paperback], Michael Sikorski (Author), Andrew Honig (Author), Published by No Starch Press; ISBN 9781593272906
Reference Material:
1 -  Computer Incident Response and Product Security by Damir Rannovi, published by Cisco Press, ISBN:  9781587052644
2 -  Malware Analyst's Cookbook and DVD:  Tools and Techniques for Fighting Malicious Code by Michael Hale Ligh, Steven Adair, Blake Hartstein, Matthew Richard published by Wiley, ISBN:
  • Removable SATA Hard Drive, at least 80GB
Promotion Policy:
  • Pass the weighted average of all assessments
  • Pass the weighted average of the exam and the tests
  • Pass the final exam
  • Successfully complete all assignments and lab exercises.


Grading Policy http://www.senecacollege.ca/about/policies/grading-policy.html

A+ 90%  to  100%
A 80%  to  89%
B+ 75%  to  79%
B 70%  to  74%
C+ 65%  to  69%
C 60%  to  64%
D+ 55%  to  59%
D 50%  to  54%
F 0%    to  49% (Not a Pass)
EXC Excellent
SAT Satisfactory
UNSAT Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecacollege.ca/about/policies/academics-and-student-services.html) or at Seneca's Registrar's Offices (http://www.senecacollege.ca/registrar/gpacalulator.html.

Practical Tests (Minimum 2) 25%
Labs 15%
Project 25%
Final Exam 35%
Approved By:
Mary-Lynn Manton
Cheating and Plagiarism:
Seneca upholds a learning community that values academic integrity, honesty, fairness, trust, respect, responsibility and courage. These values enhance Seneca's commitment to deliver high-quality education and teaching excellence, while supporting a positive learning environment. Ensure that you are aware of Seneca's Academic Integrity Policy which can be found at: http://www.senecacollege.ca/about/policies/academic-integrity-policy.html Review section 2 of the policy for details regarding approaches to supporting integrity. Section 2.3 and Appendix B of the policy describe various sanctions that can be applied, if there is suspected academic misconduct (e.g., contract cheating, cheating, falsification, impersonation or plagiarism).

Please visit the Academic Integrity website http://open2.senecac.on.ca/sites/academic-integrity/for-students to understand and learn more about how to prepare and submit work so that it supports academic integrity, and to avoid academic misconduct.
Discrimination and Harassment:
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecacollege.ca.
Accomodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Accessibility Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.

Program Information