This translation is for information purposes only. In the event of discrepancies, the Swedish-language version takes precedence.

Ethical hacking, penetration testing, and IT forensics, 7.5 Credits

Etisk hackning, penetrationstestning och IT-forensik, 7,5 Högskolepoäng

Established: 2023-10-31

Established by: Department of Engineering Science

Applies from: V24

Learning outcomes

After the course, the student shall be able to:

Knowledge and understanding

• explain different types of hacking.
• describe some aspects of vulnerability research.
• explain the important steps in ethical hacking and penetration testing.
• describe the main phases of incident response.
• explain the principles of digital evidence collection and handling.

Skills and abilities

• use penetration testing tools.
• set up logging in a secure way, and do simple log analysis.
• use digital forensics tools.

Judgement and approach

• show insight into some of the ethical and legal aspects and problems associated with hacking, vulnerability research, penetration testing, and evidence collection.

Entry requirements

General entry requirements and approved result from the following course/courses: PFC600-Principles of cybersecurity or the equivalent.

The forms of assessment of student performance

• Individual written exam
• Lab assignment in groups with oral and written reporting

Course contents

In this course, a number of tools and methods to improve cyber security are studied. Some of the methods are preventive and used to improve protection, and some are reactive and are used to handle suspected attacks.

Preventive methods are ethical hacking and penetration testing. Ethical hacking uses methods like vulnerability research, threat analysis, and vulnerability reporting. The market for vulnerabilities is also discussed. Penetration testing uses methods like reconnaissance, scanning for vulnerabilities, exploitation of vulnerabilities, and credentials cracking.

Reactive methods are log handling, IT incident handling, and IT forensics. Subjects in log handling are secure logging and log analysis. Subjects in IT incident handling are the different phases of incident handling, preparation, identification, containment, eradication, and recovery. Subjects in IT forensics are acquisition and preservation of digital evidence.

Other regulations

Course grading: F/Fx/E/D/C/B/A - Insufficient, Insufficient- more work required before the credit can be awarded, Sufficient, Satisfactory, Good, Very Good, Excellent

Course language: The teaching is conducted in English.

General rules pertaining to examination at University West are available at www.hv.se.

If the student has a decision/recommendation on special support due to disability, the examiner has the right to examine the student in a customized examination form.

Cycle

Second cycle

Progressive specialization

A1F - Second cycle, has second-cycle course/s as entry requirements

Main field of study

Computer Engineering, Computer Science