This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.
Recognize the necessary components for a live network response
Investigate a variety of operating systems within a live network in a timely and efficient manner
Collect and analyze volatile data from multiple network devices and compromised computers
Set up a system of network monitoring sensors and readjust the sensors during the course of the investigation
Perform an initial scope assessment with minimal data and constantly reassess scope based on new findings
Optimize system entrenchment and monitoring techniques to further identify malicious activity on a compromised network segment
Recommend proper Containment, Eradication, Recovery and Post-Incident Activity
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.