Attention: November 11th is the last day to access FedVTE. Users may access FedVTE until 6PM EST on November 11th. After this time FedVTE will be permanently decommissioned. Starting November 15th, users will be able to access all the same learning content through CISA Learning. Stay tuned for more details about the CISA Learning platform.

Task ID: T1090

Determine best methods for identifying the perpetrator(s) of a network intrusion

Work roles with this Task

  • Digital Forensics

    NICE Framework ID: PD-WRL-002

    Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.

  • Cybercrime Investigation

    Category: Investigation
    NICE Framework ID: IN-WRL-001

    Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering.

  • Digital Evidence Analysis

    Category: Investigation
    NICE Framework ID: IN-WRL-002

    Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.