• Online, Self-Paced
Course Description

In this 14-video course, learners can explore best practices for anomaly detection for network forensics with topics such as network behavior anomaly detection (NBAD), frequency analysis, identifying beaconing activity, and recognizing signs of brute force attacks. Also discover protocol and population analysis, HTTPS and SSH (Secure Shell) attacks, as well as triage methods. Begin with a look at concepts and applications of NBAD, then discover how to implement frequency analysis. Learn how to identify beaconing activity, and how to recognize the signs of a brute force attack. Next, learners examine protocol analysis approaches and techniques, and learn about HTTPS attacks, deducing the activity of encrypted web traffic. Analyze SSH authentication behavior; take an overview of population analysis; explore techniques used to reveal hidden connections with behavioral analysis; and learn how to differentiate between NBAD triage methods. In the final tutorials, discover methods and techniques for performing network anomaly analysis and the benefits of anomaly detection, and examine how network forensics can be used to protect mission-critical areas of business.

Learning Objectives

  • Identify the objectives of the course

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Operational Planning
  • Cyber Operations
  • Cyber Defense Analysis
  • Cyber Defense Infrastructure Support
  • Cybersecurity Management
  • Digital Forensics
  • Executive Cyber Leadership
  • Systems Analysis
  • Threat Analysis
  • Vulnerability Assessment and Management


If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.