• Online, Self-Paced
Course Description

In this Challenge Lab, you will perform header analysis of a suspicious email. First, you will perform an email address verification check by using centralops.net. Next, you will attempt to discover an association between the email address discovered by the header analysis of the suspicious email by using four tools and services on the OSINT Framework web site, including That’sThem, VerifyEmail, Email Reputation, and Have I Been Pwned. Next, you will analyze the suspicious email by using MX Toolbox, and then you will determine who the domain name of the suspicious email address is registered to by using WHOIS. Finally, you will perform a number registration lookup of the suspicious email by using the American Registry for Internet Numbers, and then you will perform a location lookup of the email address by using IP2LOCATION. Note: Once you begin the Challenge Lab, you will not be able to pause, save, or exit and then return to your Challenge Lab. Please ensure that you have set aside enough time to complete the Challenge Lab before you start.

Learning Objectives

In this Challenge Lab, you will perform header analysis of a suspicious email. First, you will perform an email address verification check by using centralops.net. Next, you will attempt to discover an association between the email address discovered by the header analysis of the suspicious email by using four tools and services on the OSINT Framework web site, including That’sThem, VerifyEmail, Email Reputation, and Have I Been Pwned. Next, you will analyze the suspicious email by using MX Toolbox, and then you will determine who the domain name of the suspicious email address is registered to by using WHOIS. Finally, you will perform a number registration lookup of the suspicious email by using the American Registry for Internet Numbers, and then you will perform a location lookup of the email address by using IP2LOCATION. Note: Once you begin the Challenge Lab, you will not be able to pause, save, or exit and then return to your Challenge Lab. Please ensure that you have set aside enough time to complete the Challenge Lab before you start.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cybersecurity Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.