Course Summary
Credit Type:
Course
ACE ID:
DDCI-0007
Organization's ID:
NIT480
Location:
Classroom-based
Length:
80 hours (10 days)
Dates Offered:
Credit Recommendation & Competencies
Level:
Upper-Division Baccalaureate
Credits (SH):
5
Subject:
Information Technology Security, or Computer Forensics
Description

Objective:

The course objective is to provide Department of Defense and federal law enforcement cyber investigations analysts with a scenario-based course that teaches how to investigate intrusions on live, large-scale, heterogeneous enterprise networks while those intrusions are in progress. Students learn how to conduct a timely and efficient intrusion investigation on live servers running a variety of operating systems. They collect and analyze volatile data from multiple network devices and compromised computers and set up network monitoring sensors. Students learn to assess the scope of live, dynamic network incidents and to apply investigative methodology while on-scene to identify the source, target, and methods of a network compromise.

Learning Outcomes:

  • Prepare for a live network response
  • Perform an initial scope assessment with minimal data and constantly reassess scope based upon new findings
  • Collect and analyze volatile data from multiple network devices and compromised computers
  • Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
  • Conduct a timely and efficient intrusion investigation on live servers with a variety of operating systems
  • Use system entrenchment and monitoring techniques to further identify malicious activity on a known-compromised network segment
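
The second outcome (an initial scope assessment from minimal data, reassessed as findings arrive) is easiest to see on sensor data. The following is an added example and is not course material: it pivots outward from the single host named in an initial alert across a constructed Zeek-style conn.log excerpt. The enterprise address range, the DNS allowlist and the set of lateral-movement ports are assumptions of the example.

```python
"""Iterative scope reassessment from network-sensor flow records.

Added example (not course material): starting from the single host named in
the initial alert, derive external indicators from its traffic, widen the
scope to every internal host sharing those indicators or reached laterally
from an in-scope host, and repeat until no new host appears.
"""
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts orig_h orig_p resp_h resp_p proto")

# Assumptions for the example: the enterprise address range, an allowlist of
# destinations every host legitimately talks to (here a public DNS resolver),
# and the service ports whose internal-to-internal use from a compromised
# host is treated as lateral movement.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWLIST = frozenset({"8.8.8.8"})
LATERAL_PORTS = frozenset({22, 445, 3389, 5985, 5986})

# Constructed Zeek-style conn.log excerpt (not real sensor output). The
# '#fields' header names the columns; other '#' lines are metadata.
SAMPLE_CONN_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1700000001.1\t10.0.1.15\t49152\t203.0.113.7\t443\ttcp
1700000002.3\t10.0.1.15\t49153\t8.8.8.8\t53\tudp
1700000003.0\t10.0.1.15\t49160\t10.0.2.20\t445\ttcp
1700000004.7\t10.0.1.42\t50001\t203.0.113.7\t443\ttcp
1700000005.2\t10.0.2.20\t40010\t198.51.100.23\t8443\ttcp
1700000006.9\t10.0.3.9\t51000\t198.51.100.23\t8443\ttcp
1700000007.4\t10.0.3.9\t51010\t10.0.4.4\t3389\ttcp
1700000008.0\t10.0.1.77\t49300\t8.8.8.8\t53\tudp
1700000009.5\t10.0.1.77\t49301\t93.184.216.34\t443\ttcp
#close\t2023-11-14-22-13-30
"""


def parse_conn_log(text):
    """Parse a tab-separated Zeek conn.log, using its '#fields' header."""
    fields, flows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data line before #fields header")
            rec = dict(zip(fields, line.split("\t")))
            flows.append(Flow(float(rec["ts"]), rec["id.orig_h"], int(rec["id.orig_p"]),
                              rec["id.resp_h"], int(rec["id.resp_p"]), rec["proto"]))
    return flows


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def reassess_scope(flows, seed_hosts, allowlist=ALLOWLIST):
    """Return (in_scope_hosts, external_indicators, hosts_added_per_round)."""
    in_scope, indicators, rounds = set(seed_hosts), set(), []
    while True:
        # New finding: external peers of in-scope hosts become candidate C2 indicators.
        indicators |= {f.resp_h for f in flows
                       if f.orig_h in in_scope and not is_internal(f.resp_h)
                       and f.resp_h not in allowlist}
        # Reassess: internal hosts talking to an indicator, or reached from an
        # in-scope host on a lateral-movement port, join the scope.
        new_hosts = {f.orig_h for f in flows
                     if f.resp_h in indicators and is_internal(f.orig_h)}
        new_hosts |= {f.resp_h for f in flows
                      if f.orig_h in in_scope and is_internal(f.resp_h)
                      and f.resp_p in LATERAL_PORTS}
        new_hosts -= in_scope
        if not new_hosts:          # fixed point: no finding widened the scope
            return in_scope, indicators, rounds
        in_scope |= new_hosts
        rounds.append(sorted(new_hosts))


if __name__ == "__main__":
    hosts, iocs, rounds = reassess_scope(parse_conn_log(SAMPLE_CONN_LOG), {"10.0.1.15"})
    for n, added in enumerate(rounds, 1):
        print(f"round {n}: added {', '.join(added)}")
    print("in scope:", sorted(hosts))
    print("indicators:", sorted(iocs))
```

Starting from 10.0.1.15 alone, the sample widens the scope three times (a second beaconing workstation and a file server reached over SMB, then a third host sharing the file server's second C2 address, then a host it reached over RDP) and stops there; 10.0.1.77, whose only shared destination is the allowlisted resolver, stays out. Without the allowlist the resolver itself would become an "indicator" and pull every host on the network into scope, which is the usual way a scope assessment runs away on live data.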

General Topics:

  • Enterprise architecture and intrusion methodology
  • Incident response life cycle
  • Incident preparation, case management, and investigating using the scientific method
  • Witness device processing, system processing tools, volatile data analysis and direct command execution, memory dump, live imaging, and analysis
  • Network monitoring
  • Malicious code analysis
  • Containment, recovery, and post-incident activities
  • Interim and final reports preparation
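
The volatile data analysis and direct command execution topic above comes down to running the right commands in the right order and keeping a defensible record of what was run and what came back. The following is an added example, not course material or a tool the course teaches: an ordered live-response collector for a Linux host that writes each artefact beside a JSON manifest with per-artefact SHA-256 hashes and timestamps. The command list, the toolkit-directory convention and the output layout are assumptions of the example; memory acquisition and live disk imaging are separate steps and are not shown.

```python
"""Ordered volatile-data collection on a live Linux host.

Added example (not course material): run each collection command in order of
volatility, store the raw output beside a JSON manifest carrying a SHA-256
per artefact and start/finish timestamps, and record missing tools or
timeouts instead of aborting, so one failing step does not cost the rest.
"""
import hashlib
import json
import shutil
import subprocess
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Most volatile first. The commands are the usual Linux tools and are an
# assumption of this example; adapt the list to the target OS.
DEFAULT_STEPS = [
    ("clock",     ["date", "-u", "+%Y-%m-%dT%H:%M:%SZ"]),
    ("uptime",    ["uptime"]),
    ("sockets",   ["ss", "-tunap"]),
    ("arp",       ["ip", "neigh", "show"]),
    ("routes",    ["ip", "route", "show"]),
    ("processes", ["ps", "-eo", "pid,ppid,user,lstart,etime,cmd"]),
    ("modules",   ["lsmod"]),
    ("logins",    ["who", "-a"]),
    ("mounts",    ["mount"]),
]


def _now():
    return datetime.now(timezone.utc).isoformat()


def resolve_tool(argv, toolkit_dir=None):
    """Prefer a trusted copy from the responder's toolkit over the host's own
    binary, which an intruder may have replaced; None if neither exists."""
    exe = shutil.which(argv[0], path=str(toolkit_dir)) if toolkit_dir else None
    exe = exe or shutil.which(argv[0])
    return [exe, *argv[1:]] if exe else None


def collect(outdir, steps=DEFAULT_STEPS, toolkit_dir=None, timeout=60):
    """Run the steps, write artefacts and manifest.json into outdir, return the manifest."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    manifest = {"started": _now(), "artefacts": {}}
    for label, argv in steps:
        record = {"command": argv, "started": _now()}
        resolved = resolve_tool(argv, toolkit_dir)
        if resolved is None:
            record["status"] = "tool not available"
        else:
            try:
                proc = subprocess.run(resolved, capture_output=True, timeout=timeout)
                path = outdir / f"{label}.txt"
                path.write_bytes(proc.stdout)
                record.update(
                    status="ok" if proc.returncode == 0 else "nonzero exit",
                    returncode=proc.returncode,
                    file=path.name,
                    sha256=hashlib.sha256(proc.stdout).hexdigest(),
                    stderr=proc.stderr.decode(errors="replace")[:200],
                )
            except subprocess.TimeoutExpired:
                record["status"] = "timeout"
        record["finished"] = _now()
        manifest["artefacts"][label] = record
    manifest["finished"] = _now()
    (outdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def scratch_outdir():
    """A throwaway output directory for trying the collector; on a real
    response, point collect() at removable or network storage instead."""
    return tempfile.mkdtemp(prefix="live-response-")


if __name__ == "__main__":
    m = collect(scratch_outdir())
    for label, rec in m["artefacts"].items():
        print(f"{label:10} {rec['status']:18} {rec.get('sha256', '')[:16]}")
```

Two choices matter more than the command list. The collector looks for each tool in a responder-supplied toolkit directory before falling back to the host's PATH, because on a known-compromised system the resident ps, ss or lsmod may have been replaced or hooked. And every step is recorded even when it fails, so the manifest shows what was attempted, in what order and when, which is what the interim and final reports have to be reconstructed from.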
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Classroom Exercise
  • Discussion
  • Laboratory
  • Lectures
  • Practical Exercises
Supplemental Materials