• Classroom
Course Description

This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.

Learning Objectives

  • Recognize the necessary components for a live network response
  • Investigate a variety of operating systems within a live network in a timely and efficient manner
  • Collect and analyze volatile data from multiple network devices and compromised computers
  • Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
  • Perform an initial scope assessment with minimal data and constantly reassess scope based on new findings
  • Optimize system entrenchment and monitoring techniques to further identify malicious activity on a compromised network segment
  • Recommend proper Containment, Eradication, Recovery and Post-Incident Activity

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Defense Analysis

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.