• Online, Self-Paced

In this course, you'll examine the importance of logs, as well as types of evidence that can be acquired from them. Next, you'll learn how critical disk images can be during an investigation and about the comparisons and analysis that can transpire in an investigation. Finally, you'll review some of the most important information that can be found in the out of malware analysis tools. This course is one of a collection that prepares learners for the 200-201: Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) exam.

Learning Objectives

{"recognize how data must be acquired from logs to be considered evidence","recognize the use of the different types of evidence","apply examples of evidence to their type of evidence"}

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cyber Investigation
  • Cyber Operational Planning
  • Cyber Operations
  • Cybersecurity Management
  • Executive Cyber Leadership
  • Network Services
  • Threat Analysis

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.