Certified Cyber Investigator (CCI) Training

PREREQUISITES

You will need a good understanding and experience of:

• The forensic investigation process
• Windows and Linux operating systems
• Command line interface
• Computer networks

We strongly recommend completion of the 7Safe CFIP and CLFP courses as a minimum before attending this course.

WHO SHOULD ATTEND

This is an intensive training course designed for experienced forensic investigators and cyber security practitioners who already have a good knowledge of forensic investigation and want to extend their skills, including:

• Law enforcement officers & agents
• Digital investigators
• Cyber incident response team members
• IT security officers
• System/Network Administrators/Engineers
• eDiscovery consultants

THE SKILLS YOU WILL LEARN

You will learn and practice the critical skills needed to identify the correct forensic artefacts in a live network environment and how to preserve, extract and interpret them. We will show you how to correctly acquire and handle dynamic forensic evidence so that you do not inadvertently alter or destroy vital clues that could potentially result in your investigation failing or the resultant evidence being inadmissible in court.

Upon completion of the course you will:

• understand how home and office networks work
• be able to reduce your digital footprint when accessing a network
• have the skills to identify and capture network traffic
• be able to identify a cyber event
• have the knowledge of how to examine and analyse relevant data artefacts
• be able to identify and capture relevant log files
• understand how to identify and collect volatile data types
• be able to secure and access a live network
• have the ability to identify devices attached to a network
• be able to identify and collect suspect network traffic (Ethernet and Wi-Fi)
• have learnt remote network collection methodologies and techniques

KEY BENEFITS

This course will enable you to:

• Learn a number of methodologies for undertaking a sound cyber investigation
• Acquire and practice new techniques to extract relevant data from a live networked
• environment
• Gain confidence when identifying and capturing live operating system artefacts
• Improve your ability to respond effectively to a cyber event

SYLLABUS

Throughout the course, your time will be equally split between being taught the methods and principles required to isolate, investigate and extract evidence in a live network environment and applying these in practical, hands-on exercises based on real life scenarios, created in a set of physical and virtual networks. Topics covered will include:

1. Investigation Principles and Strategy

a. ACPO Guideline - The Four Principles

b. Competency

c. ISO Standards

d. Applicable Law

2. Computer Networks

a. What is a computer network?

b. Types of computer network

c. Network topologies

3. Network Reference Models

a. OSI Model

b. TCP/IP Model

4. Network Addressing

a. IPv4

b. IPv6

c. MAC Address

5. Network Protocols

a. Ports

b. What are protocols?

c. Transport layer protocols

d. Other protocols of interest

6. Network Environments

a. Home network

b. Business/office network

c. Public network

7. Network Devices

a. Computer (Desktop/Server)

b. Hub

c. Switch

d. Router

e. Other devices

8. Information Gathering

1. Analysis Environments

2. Identifying equipment

3. Accessing a network

4. Network mapping

5. Network traffic

6. Accessing Nodes (Computer, Switch, Router, other devices)

7. Reducing your digital footprint

8. Windows Management Instrumentation Command Line

9. PowerShell

10. Remote imaging and data collection

9. A Cyber Analysis Process

a. Correlating Results

b. Data Interpretation

10. Simplifying Complex Evidence

a. Subject knowledge levels

b. Clarity, simplicity, brevity

c. Reporting