This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.
Learning Objectives
- Recognize the necessary components for a live network response
- Investigate a variety of operating systems within a live network in a timely and efficient manner
- Collect and analyze volatile data from multiple network devices and compromised computers
- Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
- Perform an initial scope assessment with minimal data and constantly reassess scope based on new findings
- Optimize system entrenchment and monitoring techniques to further identify malicious activity on a compromised network segment
- Recommend proper Containment, Eradication, Recovery and Post-Incident Activity
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cyber Defense Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.