Module 1 – Soft Skills and Incident Handling
- 		Engagement Lifecycle Management
- 		Incident Chronology
- 		Record Keeping, Interim Reporting & Final Results
- 		Threat Assessment
	Module 2 – Core Technical Skills
- 		IP Protocols
- 		Network Architectures
- 		Common Classes of Tools
- 		OS Fingerprinting
- 		Application Fingerprinting
- 		Network Access Control Analysis
- 		Cryptography
- 		Applications of Cryptography
- 		File System Permissions
- 		Host Analysis Techniques
- 		Understanding Common Data Format
	Exercise - Reviewing HTTP and HTTPS traffic using a network analyser
	Exercise - Identifying Network Connections with netstat
	Exercise - Password cracking using NMAP
	Exercise - Analysing file permissions in Linux
	Module 3 – Background Information Gathering & Open Source
- 		Registration Records
- 		Domain Name Server (DNS)
- 		Open Source Investigation and Web Enumeration
- 		Extraction of Document Meta Data
- 		Community Knowledge
	Exercise - Using DNSrecon to enumerate a website
	Exercise - Performing Google dorking to gain information about a target
	Exercise - Gathering intelligence on domains using OSINT-spy
	Exercise - Using intelligence tools to monitor transactions and crypto abuse
	Exercise - Using OSINT tools to investigate IP addresses
	Module 4 – Network Intrusion Analysis
- 		Network Traffic Capture
- 		Data Sources and Network Log Sources
- 		Network Configuration Security Issues
- 		Unusual Protocol Behaviour
- 		Beaconing
- 		Encryption
- 		Command and Control Channels
- 		Exfiltration of Data
- 		Incoming Attacks
- 		Reconnaissance
- 		Internal Spread and Privilege Escalation
- 		False Positive Acknowledgement
	Exercise – Examining PCAP data
	Exercise – Examining torrent traffic
	Exercise – Examining Apache Logs using Excel
	Exercise – Examining a large firewall log dataset
	Exercise – Performing social engineering attacks
	Module 5 – Analysing Host Intrusions
- 		Host-Based Data Acquisition
- 		Live Analysis Laboratory Set-up
- 		Windows File System Essentials
- 		Windows File Structures
- 		Application File Structures
- 		Windows Registry Essentials
- 		Identifying Suspect Files
- 		Storage Media
- 		Memory Analysis
- 		Infection Vectors
- 		Malware Behaviours and Anti-Forensics
- 		Rootkit Identification
- 		Malware Analysis
	Exercise - Capturing and examining memory artefacts
	Exercise - Examining memory artefacts on a live machine
	Exercise - Examining external media, browser, account usage and emails
	Exercise - Examining Windows artefacts in a corporate espionage case
	Exercise - Detecting exploit kits within a network
	Exercise - Creating malware to deploy to victims
	Exercise - Identifying rootkits using chkrootkit
	Module 6 – Reverse Engineering Malware
- 		Windows Anti-Reverse Engineering
- 		Functionality Identification
- 		Windows NT Architecture
- 		Windows API Development
- 		Binary code structure
- 		Cryptographic Techniques
- 		Processor Architectures
- 		Windows Executable File Formats
- 		Hiding Techniques
- 		Malware Reporting
- 		Binary Obfuscation
- 		Behavioural Analysis
	End of Course Exam
	National Cyber Security Centre (NCSC) Assured Training Exam:
- 		Online proctored exam is taken post course
- 		Duration - 90 minutes
- 		Questions - 60, multiple choice
- 		Passing score of 60%
- 		Digital badge