Digital Forensics Certified Cyber Investigator (CCI)

Provided by

Enquire about this course

About the course

 

Digital Forensics
Certified Cyber Investigator (CCI)

Specialist - level course

This specialist-level course is for professionals who are looking to develop and improve their ability to respond effectively to a cyber event. It helps you develop the skills needed to isolate, investigate and extract evidence from a live networked environment during or after a cyber incident.

How will I benefit?
This course will enable you to:

  • Learn a number of methodologies for undertaking a sound cyber investigation
  • Acquire and practice new techniques to extract relevant data from a live networked environment
  • Gain confidence when identifying and capturing live operating system artefacts
  • Improve your ability to respond effectively to a cyber event

"This was the most useful networking investigation course I have been on in recent years. I came away with a substantial increase in my knowledge along with some very useful documentation. If you’re going to do one networking investigation course year, make it this one.”

CCI Delegate

Regional Cyber Crime Unit

"This course has been excellent. The course is difficult and at times is frustrating, but I deem that to be a very good thing, as it only compelled and challenged me to learn and try harder."

CCI Delegate
UK Police Service

"The instructors delivered an excellent, modern and cutting-edge course that will undoubtedly benefit our crime scene/warrant processes, allowing us to collect some excellent evidence."

CCI Delegate​

For more information about this course, please see below
What will I learn?

  • You will learn and practice the critical skills needed to identify the correct forensic artefacts in a live network environment during or after a cyber event, and how to preserve and collect that data
  • You will practice how to correctly acquire and handle dynamic data so that you do not inadvertently alter or destroy vital clues that could result in your investigation failing or the resultant evidence being inadmissible in court


Who should attend?

  • Experienced forensic investigators and cyber security practitioners who already have a good knowledge of forensic investigation and want to extend their skills.

For more information on this course, please email the Education team or contact us on +44(0)1763 285285

COURSE OVERVIEW
This five-day course is designed to provide you with the confidence
and skills to isolate, investigate and extract evidence from a live networked environment (as you would expect to find in a home or business network) during or after a cyber incident.

You will spend a large proportion of the course practising these skills and
methods in both physical and virtual network environments that replicate
the challenges faced by investigators in both the office and home cyber event scenarios.


THE SKILLS YOU WILL LEARN
You will learn and practice the critical skills needed to identify the correct
forensic artefacts in a live network environment and how to preserve,
extract and interpret them. We will show you how to correctly acquire and handle dynamic forensic evidence so that you do not inadvertently alter or destroy vital clues that could potentially result in your investigation failing or the resultant evidence being inadmissible in court.
Upon completion of the course you will:

  • understand how home and office networks work
  • be able to reduce your digital footprint when accessing a network
  • have the skills to identify and capture network traffic
  • be able to identify a cyber event
  • have the knowledge of how to examine and analyse relevant data artefacts
  • be able to identify and capture relevant log files
  • understand how to identify and collect volatile data types
  • be able to secure and access a live network
  •  have the ability to identify devices attached to a network
  • be able to identify and collect suspect network traffic (Ethernet and Wi-Fi)
  • have learnt remote network collection methodologies and techniques

KEY BENEFITS
This course will enable you to:

  •  Learn a number of methodologies for undertaking a sound cyber investigation
  • Acquire and practice new techniques to extract relevant data from a live networked environment
  • Gain confidence when identifying and capturing live operating system artefacts
  • Improve your ability to respond effectively to a cyber event

WHO SHOULD ATTEND
This is an intensive training course designed for experienced forensic
investigators and cyber security practitioners who already have a good
knowledge of forensic investigation and want to extend their skills, including:

  • Law enforcement officers & agents
  • Digital investigators
  • Cyber incident response team members
  •  IT security officers
  • System/Network Administrators/
  • Engineers
  • eDiscovery consultants

SYLLABUS
You will need a good understanding and experience of:

  • The forensic investigation process
  • Windows and Linux operating systems
  • Command line interface
  • Computer networks

We strongly recommend completion of the 7Safe CFIP
and CLFP courses as a minimum before attending this course.

WHAT QUALIFICATION
WILL I RECEIVE?

Those delegates successfully passing the exam at the end
of the course will be awarded 7Safe’s Certified Cyber
Investigator (CCI) qualification.

Syllabus
Throughout the course, your time will be equally split between being taught the methods and principles required to isolate, investigate and extract evidence in a live network environment and applying these in practical, hands-on exercises based on real life scenarios, created in a set of physical and virtual networks

1. Investigation Principles
and Strategy
a. ACPO Guideline -
The Four Principles
b. Competency
c. ISO Standards
d. Applicable Law

2. Computer Networks
a. What is a computer network?
b. Types of computer network
c. Network topologies

3. Network Reference Models
a. OSI Model
b. TCP/IP Model

4. Network Addressing
a. IPv4
b. IPv6
c. MAC Address

5. Network Protocols
a. Ports
b. What are protocols?
c. Transport layer protocols
d. Other protocols of interest

6. Network Environments
a. Home network
b. Business/office network
c. Public network

7. Network Devices
a. Computer (Desktop/Server)
b. Hub
c. Switch
d. Router
e. Other devices

8. Information Gathering
a. Analysis Environments
b. Identifying equipment
c. Accessing a network
d. Network mapping
e. Network traffic
f. Accessing Nodes (Computer,
Switch, Router, other devices)
g. Reducing your digital footprint
h. Windows Management
Instrumentation Command Line
i. PowerShell
j. Remote imaging and data
collection

9. A Cyber Analysis Process
a. Correlating Results
b. Data Interpretation

10. Simplifying Complex Evidence
a. Subject knowledge levels
b. Clarity, simplicity, brevity
c. Reporting

 

 

 

Enquire

Start date Location / delivery
13 Jan 2020 Cambridge
23 Mar 2020 Cambridge
10 Aug 2020 Cambridge
26 Oct 2020 Cambridge

Related article

NHS learns from WannaCry with cyber training GCHQ has been helping NHS trusts be more prepared for cyber attacks like WannaCry. Secretary of state ...