This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.
- Recognize the necessary components for a live network response
- Investigate a variety of operating systems within a live network in a timely and efficient manner
- Collect and analyze volatile data from multiple network devices and compromised computers
- Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
- Perform an initial scope assessment with minimal data and constantly reassess scope based on new findings
- Optimize system entrenchment and monitoring techniques to further identify malicious activity on a compromised network segment
- Recommend proper Containment, Eradication, Recovery and Post-Incident Activity