Rob Bonta ~ Attorney General

Registering for: Computer Crime/LAN Investigations


Description 

Class #: 9260-23416

Class Description:

From crypto campaigns and insider attacks to Advanced Persistent Threats and cyber terrorists, networks are under constant attack by adversaries ranging from rudimentary script kiddies to sophisticated state-sponsored attackers. Modern investigators must learn the skills needed to investigate crimes involving networks and learn how to use the tools that public and private security teams use to investigate these sophisticated attacks. This 40-hour course, the first in a series of two, is designed to introduce law enforcement investigators to the terms, devices and protocols that make up modern networks and to provide the skills needed to identify and investigate network intrusions, including data breaches, internal theft, malware incidents, cyber terrorism and network breaches. Students will learn the basics of networking, including protocols, addressing, and required devices such as web servers, file servers and domain controllers, as well as wireless networking and how to perform an incident response. Once a good foundation has been presented, students will learn to apply their traditional forensics skills to the network paradigm through analysis of network-associated artifacts.

Who Should Attend:

Personnel who are or will be conducting network-based investigations. Students MUST have a working knowledge of computer forensics, a familiarity with command-line navigation, and basic network knowledge. It is strongly recommended that students attend the class only if they have had more than one year of forensic experience and have been exposed to concepts such as malware analysis, memory parsing and network packet capture dissection. In addition, students should have completed the following DOJ Advanced Training Center (ATC) classes: Internet Investigations (D200) and the Computer Digital Evidence Recover (D300). It is also strongly recommended that students review the various Linux environments and become familiar with the Linux command line. Students will also be provided with a glossary of terms to review prior to attending class.

Class Objectives:

Upon completion of this course, students will understand the methods suspects use to commit network-related crimes and how investigators should respond to such incidents, gather evidence and perform analysis on dissimilar data sets, reconstructing the events of the crime. The student will learn about network intrusions, different attack methodologies, proper evidence handling and the investigative processes used to perform network forensic investigations.

Additionally, students will be able to communicate effectively with systems administrators and other IT staff in support of network-based incidents or investigations. After completing the course and armed with this knowledge, investigators will be better prepared to analyze network-based incidents for criminal activity and put a case together for successful prosecution.

Class Outline:

 
Instructor: A Certified Instructor.

Prerequisite: D400 - PC Forensics - Advanced Computer Investigations



You can select a class from the list below for the date and location which is most convenient for you.



Start Date End Date   Status Location