National CAE Designated Institution
  • Online, Instructor-Led

Course Desc: A lab-based, hands-on study of the tools and processes used to efficiently extract, arrange, analyze, and manage log files from a variety of applications, devices, and systems. The goal is to process and examine log files to identify tactics, techniques, and procedures used by an adversary as part of a cyberattack or incident. Topics include log analysis, log management, threat detection, auditing, cybersecurity artifacts, security incidents and intrusions, and security information and event management (SIEM) systems and tools.

Learning Objectives

After completing this course, you should be able to:
Evaluate log management and analysis methodology to support a forensics investigation.
Organize information from large log files to isolate activity related to a cyber-attack.
Analyze log files, evidence, and other information to determine tactics, techniques and procedures and actors associated with a cyber-attack.
Mitigate gaps in an organization's cybersecurity logging strategy.
Evaluate security information and event management (SIEM) systems to support log analysis and auditing, policies and procedures, and centralized logging management.
Generate technical reports summarizing digital forensics and cyber investigation log analysis findings and recommendations.
Analyze information from log files with other forensic evidence including disk images, images of RAM, and other evidence included with a case.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas