

Certified Network Forensic Analysis Manager (C-NFAM)


The Certified Network Forensic Analysis Manager training course was originally developed for the U.S. government, and has now been made available to city, county, and state law enforcement agencies. Civilian personnel outside of the law enforcement community are also authorized to attend and will receive practical training for their business environments.

This comprehensive course brings incident response and network forensic core competencies to advanced levels by presenting students with 16 detailed learning objectives. Students will be provided with both experiential knowledge and practical skills that simulate real-world scenarios, investigations, and recovery of evidentiary data in systems and networks. Students will cover topics such as Incident Response Management, Live Data Collection, Analysis Methodology, and Malware Triage. Practical lab exercises utilize the Project Ares® Cyber Range and Wireshark network protocol analyzer software.

The Certified Network Forensic Analysis Manager course is a component of the career progression track that supports the required Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It provides a common language to speak about cyber roles and jobs and can be referenced to define professional requirements in cybersecurity.

Learning Outcomes

Upon successful completion of the training program, participants will be able to:

  • Identify the purpose of enterprise network devices such as firewalls (stateless, stateful, host, network, and application), switches, routers, access control lists, intrusion detection and prevention systems, unified threat management devices, and sources of critical logs.

  • Describe the purpose of enterprise network services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), network-level DNS logging, management applications, antivirus software, quarantine files, and network log files.

  • Demonstrate network forensic and investigation techniques using labs and industry tools such as Wireshark network protocol analyzer, Autopsy forensic software, Windows Registry Editor, file and record carving, document and photo reconstruction, and recovering deleted files.

  • Determine a malware policy based on industry best practices which addresses the identification of malicious files, initial triage, handling procedures, documentation and distribution guidelines, static and dynamic analysis methods, and the use of sandboxes for automated analysis.

  • Summarize investigative practices that include elements of proof, field investigation toolkits, incident scene management, evidence dynamics, chain of custody, investigative interview strategies, non-verbal communication, and Locard’s Principle of Exchange.

  • Evaluate critical sources of forensic evidence including Windows file systems, volatile and persistent memory, event logs, process tracking, web-based applications (browsers, email, and instant messages), malware files, and malicious websites.

Course Outline

  • Introduction to Network Forensic Investigations

  • Overview of Common Network Devices

  • Overview of Common Network Services

  • Fundamentals of Secure Network Architecture

  • Incident Response Management

  • Investigative Principles and Lead Development

  • Investigation Planning and Preparation

  • Forensic Analysis Methodology

  • Principles of Network Evidence

  • Initiating Network Forensic Investigations

  • Initial Development of Leads

  • Principles of Live Data Collection

  • Investigating Windows Systems

  • Investigating Applications

  • Static and Dynamic Malware Triage

  • Forensic Strategies for Incident Remediation

Cost

$1,600 including GST

Duration

Part-time: Monday and Wednesday 8:30 am-12:30 pm (5 weeks)

Intake

Intakes are held monthly

Mode

Instructor-led online