Module Details
| Module Code: |
COMP7045 |
| Title: |
Windows Security
|
|
Long Title:
|
Windows Security
|
| NFQ Level: |
Intermediate |
| Valid From: |
Semester 1 - 2024/25 ( September 2024 ) |
| Field of Study: |
4811 - Computer Science
|
| Module Description: |
In this module students will learn about Operating System's and its registries in a Windows environment and its application in security in particular. In addition, the student will learn about typical filesystems such as NTFS and how artefacts can be found that might be useful in a forensics investigation. It will also consider how an enterprise wide system such as Active Directory (AD) works and how Group Policy Objects (GPO) can be used. Finally, it will look at authentication in an enterprise system such as Kerberos.
|
| Learning Outcomes |
| On successful completion of this module the learner will be able to: |
| # |
Learning Outcome Description |
| LO1 |
Solve a number of security related tasks using powershell as a scripting language |
| LO2 |
Distinguish which Powershell commands are best to use in circumstances where Powershell scripting is required. |
| LO3 |
Locate and evaluate forensic artefacts in a Windows operating system. |
| LO4 |
Describe how authentication works in an enterprise wide system such as Active Directory |
| LO5 |
Implement tasks on individual and on groups of hosts in an enterprise wide system. |
| Dependencies |
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
|
|
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
|
| No incompatible modules listed |
Co-requisite Modules
|
| No Co-requisite modules listed |
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
|
| No requirements listed |
| Indicative Content |
|
PowerShell and WMIC
Scripting with PowerShell; Adding and removing roles; getting a remote inventory; dealing with service failure; setting password policies; getting an app inventory, Use of WMIC.
|
|
FileSystem Study
How a filesystem such as FAT and/or NTFS works. Boot Sector, MBR, MFT, logfile, bitmap, boot, permissions, volume shadow copy.
|
|
Forensics Introduction
Allocated and unallocated space, slack space, file carving, imaging a drive, artefact location, timestamps.
|
|
Remote Administration
Performing tasks on individual and on groups of hosts in an enterprise wide system, including tasks which help secure users and computers/servers in a domain. Secure user authentication.
|
|
Windows Internals
The Registry, local accounts, Security applications such as AppLocker, backup and restore, use of tools such as regshot and procmon. Keys and values.
|
|
Module Content & Assessment
|
| Assessment Breakdown | % |
|---|
| Coursework | 100.00% |
Assessments
| No End of Module Formal Examination |
| Reassessment Requirement |
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.
|
The University reserves the right to alter the nature and timings of assessment
Module Workload
| Workload: Full Time |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
Lecture delivering theory underpinning learning outcomes. |
Every Week |
2.00 |
2 |
| Lab |
Contact |
Lab to support learning outcomes. |
Every Week |
2.00 |
2 |
| Directed Learning |
Non Contact |
Directed learning. |
Every Week |
3.00 |
3 |
| Total Hours |
7.00 |
| Total Weekly Learner Workload |
7.00 |
| Total Weekly Contact Hours |
4.00 |
| Workload: Part Time |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
Lecture delivering theory underpinning learning outcomes. |
Every Week |
2.00 |
2 |
| Lab |
Contact |
Lab to support learning outcomes. |
Every Week |
2.00 |
2 |
| Directed Learning |
Non Contact |
Directed Learning. |
Every Week |
3.00 |
3 |
| Total Hours |
7.00 |
| Total Weekly Learner Workload |
7.00 |
| Total Weekly Contact Hours |
4.00 |
|
Module Resources
|
| Recommended Book Resources |
|---|
-
Mark Russinovich,Andrea Allievi,Alex Ionescu,David Solomon. (2022), Windows Internals, Part 2, 7. Microsoft Press, p.768, [ISBN: 9780135462409].
| | Supplementary Book Resources |
|---|
-
William R. Stanek & William Stanek Jr.. (2021), PowerShell for Administration, IT Pro Solutions: Professional Reference Edition, Stanek & Associates, [ISBN: 9781666000702].
-
Philip Polstra. (2016), Windows Forensics with Python Scripting, CreateSpace, [ISBN: 9781535312431].
-
Harlan Carvey. (2016), Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, 2. Syngress, [ISBN: 9780128032916].
-
MIRIAM. WIESNER. (2023), POWERSHELL AUTOMATION AND SCRIPTING FOR CYBERSECURITY, Packt Publishing, [ISBN: 9781800566378].
| | This module does not have any article/paper resources |
|---|
| Other Resources |
|---|
-
website, Scripting Guy Blog,
-
website, Windows Powershell Blog,
-
website, SANS Digital Forensics and Incident
Response Blog,
|
|
