• Classroom
Course Description

This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.

Learning Objectives

  • Recognize the necessary components for a live network response
  • Investigate a variety of operating systems within a live network in a timely and efficient manner
  • Collect and analyze volatile data from multiple network devices and compromised computers
  • Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
  • Perform an initial scope assessment with minimal data and constantly reassess scope based on new findings
  • Optimize system entrenchment and monitoring techniques to further identify malicious activity on a compromised network segment
  • Recommend proper Containment, Eradication, Recovery and Post-Incident Activity

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.