
Course Summary
Credit Type:
Course
ACE ID:
NCFI-0002
Organization's ID:
NITRO
Location:
Classroom-based
Length:
3 weeks, 116 hours
Dates Offered:
Credit Recommendation & Competencies
Level:
Lower-Division Baccalaureate
Credits (SH):
3
Subject:
Introduction to Cyber Security
Description

Objective:

NITRO is a fifteen-day course designed to provide training on how to respond effectively to a network incident, including mitigation of the problem, collection of volatile data, and intrusion investigation of a network-based crime. The course combines instructor-led discussions and practical exercises to teach the methodologies and techniques used during investigations involving networks.

Learning Outcomes:

  • Understand and explain the types of networking topology and connectivity.
  • Apply a knowledge of different components of a computer network to locate equipment that may play a role in an intrusion investigation.
  • Apply knowledge of a computer network to navigate from one network component to another.
  • Apply a knowledge of common network case types and their methods of operation to a network intrusion investigation.
  • Understand and define a network intrusion, including being able to list and describe the stages of a typical breach as well as the stages of the Network Intrusion Investigation Process, and identify where key events fall within the Anatomy of the Breach Diagram.
  • Identify the role of incident response as it relates to common cybercrimes, discuss the difference between a victim computer and a suspect computer, and explain the legal requirements for accessing each.
  • Apply a knowledge of computer network components and industry standard tools to collect and utilize network logs.
  • Apply a knowledge of computers and industry standard tools to acquire RAM, volatile data, and disk images from a target computer.
  • Analyze a combination of RAM, volatile data, network logs, security alerts, and/or a disk image to determine the cause of a network intrusion.
  • Evaluate data and artifacts from a network intrusion investigation to create a report which describes the incident they responded to, the malware or attack involved, and the evolution of the attack.
  • Evaluate the results of a network intrusion investigation and present the findings to an AUSA or prosecutor.

General Topics:

  • Incident Response
  • Event vs Incident
  • Anatomy of the hack
  • Scoping
  • VM walk-through
  • CLI / CLI lab
  • Malware Forensics Basics
  • Network Fundamentals
  • Network Topography
  • Types of Breaches
  • Significant Breaches
  • Network Topography labs
  • CTI
  • MITRE Framework
  • CTI labs
  • OSINT
  • Legal Considerations
  • Attribution
  • Best Evidence
  • Group Malware Research Project
  • Industry Standard Tools
  • Live Analysis & Data Collection
  • Windows Filesystem
  • Windows Filesystem Lab
  • Windows Registry
  • Windows Registry Lab
  • Log Files
  • Log Files Labs
  • Linux Filesystem
  • Linux Filesystem Lab
  • PCAP Analysis
  • PCAP Labs
  • RAM lesson & collection
  • YARA Rules & lab
  • Unstructured Memory Analysis & LAB
  • Memory Analysis Lesson, Tools, & Lab
  • QBOT Timeline walkthrough
  • Timelining Tools
  • Reporting & Labs
  • Scope and Response Review
  • Machine and Toolset Review
  • Final Practical
Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Classroom Exercise
  • Computer Based Training
  • Discussion
  • Laboratory
  • Lectures
  • Practical Exercises

Methods of Assessment:

  • Performance Rubrics (Checklists)
  • Presentations

Minimum Passing Score:

70%
Supplemental Materials

Other offerings from United States Secret Service National Computer Forensics Institute