Successful completion of this exam will demonstrate a candidate's ability to detect and analyze various network packets and associated flags. Following or tracing various protocol streams to determine various attacks will be demonstrated. The candidate will demonstrate the ability to reconstruct files for analysis and recreation of different attack scenarios.
Successful completion of this exam will demonstrate the candidate's ability to understand signature basics, what functions signatures serve, header values, how to Identifying possible signature components, and choosing a signature. The candidate shall understand the aspects of real time streaming protocols and forensic file reconstruction.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.