Network Forensics Section 101 (NFS 101)

Prerequisite(s): None

Course Setting: Online, self-paced

Length: 8.5 hours

Training Purpose: Skill Development

Audience: Network Forensic Section (NFS) Analysts and others assigned by management

Description:

The NFS 101 course aims to establish a baseline understanding of the NFS mission, goals, structure, and deployment kits. The course identifies components of a deployment kit and provides an overview of the pre-deployment, onsite, and remote functions of the kit. It also discusses the NFS process for artifacts and data collection, as well as the basic analysis of artifacts and data.

By the end of the course, trainees will be able to:

1. State the NFS mission, goals, and structure.
2. Identify components of a deployment kit.
3. Describe the pre-deployment, onsite, and remote functions of the kit.
4. Discuss the NFS process for collecting artifacts and data.
5. Discuss the NFS process for basic analysis of artifacts and data.

This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.

Learning Objectives:

• Define programming.
• Describe the structure and purpose of major programming paradigms.
• Explain the difference between high-level and low-level languages.
• Describe the uses of scripting and compiled languages.
• State the elements of programming.
• Explain when to use a variable in programming.
• List basic data types.
• State how operators are used in programming.
• Explain why logic and flow are important in programming.
• State the purpose of programming frameworks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on cyberattacks, specifically compromises via ransomware. Implementing strategies to defend against attacks as well as preparations for response and recovery in the event of an incident is critical to an organization’s resilience. This course reviews malware types and vectors for compromise, common issues hindering an effective response, best practices for preparing and responding to an infection incident, and defensive measures to strengthen the cybersecurity posture.

Learning Objectives:

• Identify the various types of disruptionware, vectors for compromise, and the impact of an infection on business operations.
• Recognize the common problems that can hinder effective incident response and prevention activities.
• Know the ordered steps in following documented incident reporting procedures including immediate actions and communication.
• Explain the importance of defense-in-depth layered strategy for protecting the enterprise with examples of implementation.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

At the end of this course, participants will be able to

• list the characteristics that distinguish Mothra from SiLK,
• identify the major architectural features of Mothra,
• describe how analysis can be performed in Mothra, and
• discuss the advantages of using a Jupyter Notebook for collaborative analysis.

At the end of this course, participants will be able to:

• List several types of sensors in use on modern computer networks
• Identify what fields and information are available in the data from each type of sensor
• Characterize some of the analysis of data from each type of sensor
• Discuss potential issues with the use of data from each type of sensor, and how to deal with the issues in analysis