Module 1 – Incident management and threat assessment
- Engagement lifecycle management
- Incident chronology
- Record keeping, interim reporting, and final results
- Threat assessment
Module 2 – Network threat monitoring and discovery
- IP protocols and network architectures
- Common classes of tools
- OS and application fingerprinting
- Network access control analysis
- Cryptography and applications of cryptography
- File system permissions and host analysis techniques
- Understanding common data formats
- Exercises:
  - Reviewing HTTP and HTTPS traffic using a network analyser
  - Identifying network connections with netstat
  - Password cracking using NMAP
  - Analysing file permissions in Linux
 
Module 3 – Background information gathering and open source intelligence
- Registration records and DNS analysis
- Open source investigation and web enumeration
- Extraction of document metadata
- Community knowledge sources
- Exercises:
  - Using DNSrecon to enumerate a website
  - Performing Google Dorking to gather target information
  - Gathering intelligence on domains using OSINT-spy
  - Using tools to monitor crypto transactions and abuse
  - Investigating IP addresses with OSINT tools
 
Module 4 – Threat detection and treatment
- Network traffic capture, logs, and configuration security
- Identifying unusual protocol behaviour, beaconing, and encryption misuse
- Command and control channels, data exfiltration, reconnaissance
- Internal spread, privilege escalation, and managing false positives
- Exercises:
  - Examining PCAP data
  - Analysing torrent traffic
  - Reviewing Apache logs using Excel
  - Investigating a large firewall dataset
  - Performing social engineering attacks
 
Module 5 – Analysing threat intrusions
- Host-based data acquisition and live analysis setup
- Windows file systems, file structures, and registry essentials
- Identifying suspect files and storage media analysis
- Memory analysis and infection vectors
- Malware behaviours, anti-forensics, and rootkit identification
- Exercises:
  - Capturing and examining memory artefacts
  - Examining external media, browser, account usage, and emails
  - Analysing Windows artefacts in an espionage scenario
  - Detecting exploit kits within a network
  - Creating malware samples for testing
  - Identifying rootkits using chkrootkit
 
Module 6 – Threat detection engineering and malware discovery
- Anti-reverse engineering techniques
- Functionality identification and Windows architecture
- API development and binary code structures
- Cryptographic techniques and processor architectures
- Windows executable formats, obfuscation, and hiding techniques
- Malware behavioural analysis and reporting
Exams and assessments
This course includes the National Cyber Security Centre (NCSC) assured training exam:
- Online proctored exam taken after the course
- Duration: 90 minutes
- Format: 60 multiple-choice questions
- Passing score: 60%
- Successful learners receive a digital badge
Hands-on learning
This course provides extensive practical application, including:
- Scenario-driven exercises across all modules
- Network traffic analysis and log investigation
- Use of OSINT and threat intelligence tools
- Memory forensics and malware analysis techniques
- Realistic intrusion case studies to develop investigative skills