• Online, Self-Paced
Course Description

Cybercrime is a growing industry. McAfee Labs reported a 165% increase in ransomware in one recent quarter. A survey of small to medium Australian businesses found that phishing emails had been received by 98% of all respondents (Small to Medium Enterprise Cyber Security Awareness, 2014). In 2017, the FBI Internet Crime Complaint Center (IC3) recorded 15,690 Business Email Compromise cases, equating to US$675 million in adjusted losses in the US alone.

This short course uses a real-life case study to explain the procedures of a cybersecurity investigation. No installation of forensic software is required for this course, as online tools are used. Exercises are incorporated to make the course interactive. Takeaways include concise templates based on NIST (National Institute of Standards and Technology) standards. Forensic tools, including online, open source, and commercial ones, are introduced. Good practices from a European CERT are incorporated.

The National Cybersecurity Workforce Framework was used in developing this course.
Domain: Investigation

Level: Intermediate
CPE: 4 hours


Learning Objectives


  1. List at least five common high cybersecurity risks
  2. List the four phases of a cybersecurity investigation, and specific steps for common activities
  3. Explain what should be done during triage of a cybersecurity incident
  4. Explain the different types of malware and the identification process
  5. Explain how malware propagates, operates and spreads and the different ways it harms the computer user
  6. Explain how attribution of the malware can sometimes be determined


Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Investigation
  • Digital Forensics