Cybercrime is a growing industry. McAfee Labs reported a 165% increase in ransomware in one recent quarter. A survey of small to medium Australian businesses found that phishing emails had been received by 98% of all respondents (Small to Medium Enterprise Cyber Security Awareness, 2014). In 2017, the FBI Internet Crime Complaint Center (IC3) recorded 15,690 Business Email Compromise cases, equating to US$675 million in adjusted losses in the US alone.
This short course uses a real-life case study to explain the procedures of a cybersecurity investigation. No installation of forensic software is required for this course, as online tools are used. Exercises are incorporated to make the course interactive. Takeaways include concise templates based on NIST (National Institute of Standards and Technology) standards. Forensic tools, including online, open source, and commercial ones, are introduced. Good practices from a European CERT are incorporated.
The National Cybersecurity Workforce Framework was used in developing this course.
Domain: Investigation
Level: Intermediate
CPE: 4 hours
List at least five common high cybersecurity risks
List the four phases of a cybersecurity investigation, and specific steps for common activities
Explain what should be done during triage of a cybersecurity incident
Explain the different types of malware and the identification process
Explain how malware propagates, operates and spreads and the different ways it harms the computer user
Explain how attribution of the malware can sometimes be determined
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.