Module Descriptors
MALWARE ANALYSIS AND REVERSE ENGINEERING
COMP60021
Key Facts
School of Digital, Technologies and Arts
Level 6
30 credits
Hours of Study
Scheduled Learning and Teaching Activities:
Independent Study Hours:
Total Learning Hours: 300
Assessment
- Coursework - Assignment (critical review/analysis of specific malicious code) 6000 words weighted at 100%
Module Details
Module Learning Outcomes
1. Demonstrate a critical and systematic understanding of malicious software and malicious code implementation and the social, legal and ethical implications of malware and attendant commercial risks from infection.
Knowledge and Understanding
2. Critically evaluate the design, code and the implementation of a malicious component and the steps required to reverse engineer the process.
Application
3. Critically evaluate various techniques at the forefront of the discipline used in the field.
Analysis, Problem Solving
4. Develop critical awareness of the task of isolating an infected system and perform malicious code analysis and reverse engineering in line with advanced professional practice.
Knowledge and Understanding
Knowledge and Understanding
2. Critically evaluate the design, code and the implementation of a malicious component and the steps required to reverse engineer the process.
Application
3. Critically evaluate various techniques at the forefront of the discipline used in the field.
Analysis, Problem Solving
4. Develop critical awareness of the task of isolating an infected system and perform malicious code analysis and reverse engineering in line with advanced professional practice.
Knowledge and Understanding
Module Additional Assessment Details
Assignment will typically require a critical review/analysis of specific malicious code. The student will be required to perform static and dynamic analysis of the given malicious code.
(all learning outcomes) Weighting: 100% 6000 words
The assignment is completed as an individual task following standard methods to analyse viruses and malicious code. Full documentation of the process and its outcome are expected.
(all learning outcomes) Weighting: 100% 6000 words
The assignment is completed as an individual task following standard methods to analyse viruses and malicious code. Full documentation of the process and its outcome are expected.
Module Indicative Content
This module examines operational viruses and malicious code that are designed to attack and compromise computer systems, and the methods used to exploit a weakness in installed software that could lead to the system being fully controlled. This module will focus on the identification and the forensic analysis of malicious code. Legal, ethical and social implications of malware are also considered.
Module Learning Strategies
Module Launch (30 hours)
There will be a module launch during which around 20 hours of face to face contact will be devoted to undertaking tasks which are designed to provide useful insights into the module content and purpose. The remaining time will be spent on guided learning activities.
Additional Guided Learning (22 hours)
A module tutor who is part of the teaching team of the module will be allocated to you and you will meet them during the launch. Following the launch, there will be some materials on the VLE which are designed to guide your learning. Additionally, there will be at least two hour long sessions per week of contact time for the eleven weeks following the launch. This will be used for learning guided led by your module tutor. It will be a face to face presentation if you are on day release. For online learners it will be flipped classroom approach with group (up to 20) seminars.
Reviews:
(1 hour per student)
Independent learning (247 hours)
The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites. Other academic learning will be achieved through reading around the subject area. Module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. If you require help understanding any of the concepts, you may contact your module tutor for assistance.
Part of your independent learning will take place in your workplace under the guidance of your mentor. You will complete a work-based learning agreement to ensure that arrangements are in place at your workplace to facilitate this work-based learning. You are encouraged to endeavour to apply your growing academic knowledge to improve your work practice and to reflect on your work-based experiences to improve your learning.
You will be required to complete assignment work during independent learning time. Assignment work for a 30 credit module at level 6 should take around 140 hours to complete
Additional help with learning
You will have access to the departmental librarian. As a student, you are more than welcome to visit the university at any time and to use the resources. During time at the university, you may arrange to meet your module tutor or academic coach for additional help
There will be a module launch during which around 20 hours of face to face contact will be devoted to undertaking tasks which are designed to provide useful insights into the module content and purpose. The remaining time will be spent on guided learning activities.
Additional Guided Learning (22 hours)
A module tutor who is part of the teaching team of the module will be allocated to you and you will meet them during the launch. Following the launch, there will be some materials on the VLE which are designed to guide your learning. Additionally, there will be at least two hour long sessions per week of contact time for the eleven weeks following the launch. This will be used for learning guided led by your module tutor. It will be a face to face presentation if you are on day release. For online learners it will be flipped classroom approach with group (up to 20) seminars.
Reviews:
(1 hour per student)
Independent learning (247 hours)
The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites. Other academic learning will be achieved through reading around the subject area. Module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. If you require help understanding any of the concepts, you may contact your module tutor for assistance.
Part of your independent learning will take place in your workplace under the guidance of your mentor. You will complete a work-based learning agreement to ensure that arrangements are in place at your workplace to facilitate this work-based learning. You are encouraged to endeavour to apply your growing academic knowledge to improve your work practice and to reflect on your work-based experiences to improve your learning.
You will be required to complete assignment work during independent learning time. Assignment work for a 30 credit module at level 6 should take around 140 hours to complete
Additional help with learning
You will have access to the departmental librarian. As a student, you are more than welcome to visit the university at any time and to use the resources. During time at the university, you may arrange to meet your module tutor or academic coach for additional help
Module Texts
Carrier B (2005) File System Forensic Analysis, Pearson Education, 2005, ISBN: 0321268172
Ligh M, Adair S, Hartstein B, Richar M (2011) Malware Analyst’s Cookbook and DVD, ISBN: 9780470613030
Malin, C, Aquilina, J, (2008) Malware Forensics: Investigating and Analyzing Malicious code, Syngress, ISBN: 159749268
Elisan, C. (2015) Advanced malware analysis. C., McGraw-Hill Education, ISBN: 0071819746.
Caballero, J, ¿Zurutuza U, ¿Ricardo J. Rodríguez J ( 2016) Detection of Intrusions and Malware, and Vulnerability Assessment DIMVA 2016 Conference Proceedings
Ligh M, Adair S, Hartstein B, Richar M (2011) Malware Analyst’s Cookbook and DVD, ISBN: 9780470613030
Malin, C, Aquilina, J, (2008) Malware Forensics: Investigating and Analyzing Malicious code, Syngress, ISBN: 159749268
Elisan, C. (2015) Advanced malware analysis. C., McGraw-Hill Education, ISBN: 0071819746.
Caballero, J, ¿Zurutuza U, ¿Ricardo J. Rodríguez J ( 2016) Detection of Intrusions and Malware, and Vulnerability Assessment DIMVA 2016 Conference Proceedings
Module Resources
Remote access to laboratory resources (VPN access),
Access to purposely built VMs
Access to purposely built VMs