• Classroom
Course Description

This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and, while on scene, apply several investigative techniques using free, readily available tools to identify the source, target and methods of a compromise.

Learning Objectives

  • Recognize the necessary components for a live network response
  • Investigate a variety of operating systems within a live network in a timely and efficient manner
  • Collect and analyze volatile data from multiple network devices and compromised computers
  • Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
  • Perform an initial scope assessment with minimal data and constantly reassess scope based on new findings
  • Optimize system entrenchment and monitoring techniques to further identify malicious activity on a compromised network segment
  • Recommend proper Containment, Eradication, Recovery and Post-Incident Activity

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis