• Online, Instructor-Led
  • Classroom

Basic network and host
operations knowledge
Experience commensurate
with one to five years of
network, host, or application
administration

Learning Objectives

Successful completion of this course will enable students to:

  • Identify the core components of the operating system and a certain a current state, using built-in or other trusted tools
  • Analyze a running system and detect abnormal behavior relating to operating system components
  • Use event log analysis to verify and correlate the artifacts of anomalous behavior and determine the scope of an intrusion
  • Build or modify PowerShell scripts to Interrogate an operating system and automate repetitive analytic tasks
  • Create and use a system baseline to identify unexpected items, such as rogue accounts or configuration changes

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis
  • Digital Forensics
  • Incident Response
  • Systems Analysis

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.