FedVTE Course Catalog

101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Limit to NICE Cybersecurity Workforce Framework Category or subject:
101 Courses - Basic level courses Analyze Collect and Operate
Investigate Operate and Maintain Oversee and Govern
Protect and Defend Securely Provision
Show All Courses in All Categories

Expand/Collapse All
Advanced Computer Forensics 5 HoursSkill Level: Advanced 
+ Description
 

This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.

Learning Objectives:

  • Develop an investigative process for the digital forensic investigation.
  • Explain methods of focusing investigations through analysis of multiple evidence sources.
  • Effectively prepare for incident response of both victim and suspect systems.
  • Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
  • Identify common areas of malicious software activity and characteristics of various types of malicious software files.
  • Confidently perform live response in intrusion investigation scenarios.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Exploitation Analysis Exploitation Analyst
Investigate Digital Forensics Cyber Defense Forensics Analyst
+ Course Modules/Units
 
Course Objectives
Introduction to Acquisition Preparation
The Preparation Phase
Known Executables
Collection Strategies
Once an Incident Has Occurred
Making Adjustments
Response
Acquisition Summary
Incident Information Gathering
Live Acquisitions
Acquisition Considerations and Risks
Acquisition Preparation and Identification
Using Live Disks, Bootable USBs, and Evidence Storage
Volatile Data Collection
Memory Collection
Memory Collection Tools
WinDD
Hard Drive Collection
Disk Encryption
Network Log Analysis
Log Analysis Tools and Wireshark
Fundamentals of Memory Analysis
Why Should You Care About Memory
Volatile System Information
Virtual Memory
Memory Acquisition Considerations and Tools
Benefits and Limitations of Memory Analysis
Mandiant Redline
Volatility
Using Volatility
Using Strings
Demo of Volatility 1_Using Volatility
Memory Analysis Flow and Techniques
Demo of Volatility 2_Comparing Memory and Volatile System Information
Advanced Memory Analysis
Understanding Attacks and Incidents
Anatomy of an Attack of Infection
Benefits of Malware Analysis
Using Antivirus
Introduction to Windows Artifacts
Prefetch Files
User Assist Entries
Recent, Link, and Shortcut Files
Most Recently Used Files
Shell Bags Entries
Page, Hibernation, and Autorun Files
Persistence
Hash Analysis
Registry Decoder
Timeline Analysis
Forensic Analysis of Timelines
Victim System Analysis
User Level Vs Kernel Level Rootkits
Correlating Incident Response with Forensics
Advanced Analysis Topics 1
Malware Versus Tools
Advanced Analysis Topics 2
Identifying a Suspect
Scanning and Fingerprinting the Suspect
Cryptocurrency for Law Enforcement 2 hoursSkill Level: Beginner
+ Description
 

This course covers the history, risks, and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.

Learning Objectives:

  • Define cryptocurrency and compare it to traditional currency.
  • Describe the history of cryptocurrency.
  • State the elements of a cryptocurrency transaction and their roles.
  • Describe safety measures taken to protect cryptocurrency.
  • Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement.
  • Evaluate apps and websites that could be linked to cryptocurrency.
  • Compare degrees of anonymity of various cryptocurrencies.
  • Compare legal and illegal uses of cryptocurrency.
  • Evaluate the legality of different cryptocurrency scenarios.
  • Identify notable cases of illegal uses of cryptocurrency found in recent headlines.

Date: 2019

Training Purpose: Investigate

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Cyber Investigation Cyber Crime Investigator
Investigate Digital Forensics Cyber Defense Forensics Analyst
+ Course Modules/Units
 
Introduction to Cryptocurrency for Law Enforcement
Cyber Fundamentals for Law Enforcement Investigations 8 HoursSkill Level: Beginner 
+ Description
 

This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.

Learning Objectives:

  • Describe essential computing communication concepts.
  • Identify digital evidence sources and handling.
  • Apply techniques to examine applications for target information.

Date: 2017

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Threat Analysis Threat/Warning Analyst
Investigate Digital Forensics Cyber Defense Forensics Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
Cyber Investigation Course Intro
Cyber Crimes versus Traditional Crimes
Cyber Laws Overview
Logical and Physical Addresses
Dissecting a Data Packet
How Computers Connect
IP Addresses and Domain Names
IP Addresses
Domain Naming
NSlookup Dig Google Toolbox
Digital Artifacts Basics
Site Survey and Collection
Determining Sophistication
Time Standardization
Requesting Digital Forensic Artifacts
Footprinting
Handling Untrusted or Unknown Files
Setting Up an Analysis Environment
Examining Images
Intro to Encryption
Detecting Encryption
Malware Awareness
Malware Propagation
Malware History
Remote Access
Understanding Insider Threat
Introduction to Peer-to-Peer
Advanced IP Tunneling Overview
TOR versus Traditional Tunneling
Iodine IP over DNS
Email Analysis
Phishing Message Analysis
Online Auctions
Open Source Searches Using Facebook
Open Source Searches Using Twitter
Google FU
Cyber Investigations Exam
Domain Information Lookup
Examining EXIF Data and Images
Computing and Comparing Hash Values
File Search Techniques
Open Source Twitter Searches
Cyber Security Investigations 9 HoursSkill Level: Beginner  
+ Description
 

This course discusses the basic concepts of cybersecurity and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques, and tools in support of cyber security investigations.

Learning Objectives:

  • Understand the process of integrating forensics collection and analysis program into an organization.
  • Recognize concepts involved in the Forensic Process.
  • Apply necessary preparation to perform collections and incident response according to best practices.
  • Understand methods, goals and objectives for digital forensic collection activities.
  • Apply techniques and tools for conducting evidence collection, triage, and log analysis.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Collect and Operate Cyber Operations Cyber Operator
Investigate Cyber Investigation Cyber Crime Investigator
Investigate Digital Forensics Cyber Defense Forensics Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Purpose of Computer and Network Forensics
Digital Forensics Tools
Forensics Team Staffing Considerations
Digital Forensics Guidelines, Policies, and Procedures
Digital Forensics Life Cycle
Digital Forensics Best Practices
Digital Forensics Concepts
Locard's Exchange Principle
Incident Response Phases Part 1 of 3
Incident Response Phases Part 2 of 3
Incident Response Phases Part 3 of 3
Computer Forensics Process Part 1 of 2
Computer Forensics Process Part 2 of 2
Digital Forensic Planning and Preparation
IR and Digital Forensics Tools
Forensically Prepared Media, Tools and Equipment
Incident Response Information Gathering
Incident Response Acquisition Considerations
Incident Response Notes and Documentation
Auditing Windows Event Logs
Volatile Data Collection
Storage Media Collection
Network Data Collection
Log Collection
Data Carving using FTK
Digital Forensic Triage Overview
Incident Triage Process
Incident Triage Methodology
Attacker Methodology Overview Part 1 of 3
Attacker Methodology Overview Part 2 of 3
Attacker Methodology Overview Part 3 of 3
Triage: Light and General Collections
Triage Analysis
Triage Analysis of Volatile Data
Program Execution
Analyzing Services
Malware Vectors and Detection
Mobile Device Triage Analysis
IR: Following a Trail
Hash and File Signature Analysis
Time Analysis
Registry Analysis
File Analysis Demonstration
Hashing with md5deep
Hash Analysis with Autopsy
Lessons Learned from an Incident
Lessons Learned from Objective and Subjective Data
Evidence Retention and Information Sharing Post Incident
Cyber Security Investigations Exam
Introduction to Computer Forensics 1.5 HoursSkill Level: Beginner 
+ Description
 

This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.

Learning Objectives:

  • Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
  • List steps in the computer forensics process and goals for each step.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze Exploitation Analysis Exploitation Analyst
Investigate Digital Forensics Cyber Defense Forensics Analyst
+ Course Modules/Units
 
Computer Forensics - Introduction
Computer Forensics - The Process
Computer Forensics - Following the Process – On-Site
Computer Forensics - Following the Process – On-Site - Encryption
Computer Forensics - Following the Process – On-Site - Memory
Computer Forensics - Following the Process – On-Site - Verification
Computer Forensics - Following the Process – Analysis
Computer Forensics - Following the Process – Report Findings
Computer Forensics - Following the Process – Data Preservation
Computer Forensics - Laws
Computer Forensics - Summary
Computer Forensics - Questions
Introduction to Cyber Intelligence 2 HoursSkill Level: Beginner 
+ Description
 

This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.

Learning Objectives:

  • Discuss the threat and data landscape.
  • Apply traditional intelligence tradecraft to the Cyber Domain.
  • Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
  • Describe structured analytical techniques and biases.
  • Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.

Date: 2020

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Analyze All-Source Analysis All-Source Analyst
Analyze Threat Analysis Threat/Warning Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
What is Cyber Intelligence?
Cyber Intelligence - Why Should You Care?
Cyber Intelligence - Skills, Traits, Competencies
Cyber Intelligence - Conceptual Framework
Environmental Context
Data Gathering
Threat Analysis
Strategic Analysis
Reporting and Feedback
Human and Machine Teaming
The Art and Science of Cyber Intelligence
Cognitive Biases
Logical Fallacies
Analytical Acumen - The Science
Analytic Methodologies - Diagnostic Technique
DC Sniper: Beltway Attacks
Analytical Methodologies - Contrarian Technique
Analytical Methodologies - Imaginative Technique
Analytical Methodologies - Network Analysis
Analytical Methodologies - ACH
Analytical Methodology – Systems Dynamics Modeling
Intelligence Writing - Why It Matters
Estimative Language
Briefing Tips
Intro to Cyber Intelligence Quiz
Introduction to Investigation of Digital Assets 4 HoursSkill Level: Beginner
+ Description
 

This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.

Date: 2012

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
Investigations of Digital Assets
Exercise Setup
Exercise Debrief
What is an Investigation with Digital Assets?
Digital Investigation Process
Preparation Phase
Data Collection Phase
Data Analysis Phase
Findings Presentation Phase
Incident Closure Phase
Digital Investigation Process Summary
Introduction to Artifact Analysis
Artifact Analysis Capabilities
Artifact Analysis Process
Surface and Comparative Analysis Process
Surface and Comparative Analysis Process-Continued
Runtime Analysis Process
Static Analysis Process
Sample Analysis: Runtime
Sample Analysis: Static
Malware Analysis Summary
Analysis Exercise
Mobile and Device Security (2015) 22 HoursSkill Level: Beginner  
+ Description
 

This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.

Learning Objectives:

  • Discover mobile device technology components and architectures and how to properly secure them.
  • Examine historical and current threats to mobile devices and methods for remediating against them.
  • Establish best practices and procedures for performing mobile device forensic investigations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Operate and Maintain Customer Service and Technical Support Technical Support Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Oversee and Govern Legal Advice and Advocacy Privacy Officer/Privacy Compliance Manager
+ Course Modules/Units
 
Mobile Security Course Introduction
Cellular Network Generations
Network Standards Introduction
CDMA TDMA and GSM Introduction
GPRS Edge and UMTS Introduction
Additional Network Standards
Bluetooth and Wi-Fi
Cellular Network Components
Mobile Switching Center Database
Authentication and Government Standards
4G LTE
Mobile Device Components
Mobile Device Operating Systems
Android Customization
Wireless Technology Introduction
WiFi Standards
Wi-Fi Standards : 802.11ac
WiFi Types
Wireless Fidelity Part 2
WiFi Channels and SSIDs
WiFi Signals and Hardware
Bluetooth
WiMAX
Additional Standards
Near Field Communication
Introduction to Threats
Lost and Stolen Devices
Additional Device-Level Threats
Near Field Communications and Mobile Threats
Application-Level Threats
Rogue Applications
Network-Level Threats
Pineapple Router
Malicious Hotspot
Malicious Use Threats
Mobile Hacking Tools
Mobile Device Security Introduction
Mobile Device Security Introduction Cont.
Android Introduction
Android Security
Android Application Security
Google Android OS Features
Installing Antivirus
iOS Security Model and Platform
iOS Application Security
Jailbreaking iOS
iOS Application Security Cont.
Apple iOS Update Part 1 of 2
Apple iOS Update Part 2 of 2
Windows Phone Security Model and Platform
Windows Implementation and Application Security
Windows Phone Update
WiFi Security
WiMax and Bluetooth
Bluetooth Attack
Protecting Data
Encryption
Android Encryption
iOS Encryption
Email Security
Android and iOS Email Security
Windows Email Security
iOS Hardening
iOS Hardening Cont
Blackberry Hardening
Android Hardening
Android Hardening Cont.
Windows Phone Hardening
Windows Phone Password and Cookies
Windows Phone Wi-Fi
Windows Phone - Find, Wipe, and Backup
Device Security Policies
Exchange and BES
Mobile Device Management
Mobile Device Management Cont.
McAfee Mobility Management
Forensics Overview
Forensics Role and Framework
Device Identification
Device Identification Cont.
Network Data
Network Data Cont.
Preservation
Preservation Cont.
Acquisition
Acquisition Cont.
Device Specific Acquisition
Hashing
Hashing Cont.
Analysis
Archiving and Reporting
Cellebrite
Forensics Demonstration
XRY/XACT
Oxygen and CellXtract
Paraben and MOBILedit!
Additional Methods
Subscriber Data
Benefits of Social Media
Risks of Social Media
Liabilities Associated with Social Media
Social Media Controls
Emerging Trends
Emerging Trends Cont.
New Technologies in Mobile Devices
Mobile Devices and the Cloud
Mobile Security Course Quiz
Mobile Forensics 4 HoursSkill Level: Advanced
+ Description
 

This course provides an overview of mobile forensics, the branch of digital forensics that focuses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations have grown exponentially with data from mobile devices becoming crucial evidence in a wide array of incidents. The course begins with highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.

Learning Objectives:

  • Describe the impact of mobile devices on investigations.
  • Identify iOS device filesystem, operating system, and security architecture basics.
  • Explain acquisition and analysis tools and techniques for iOS devices.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Investigate Cyber Investigation Cyber Crime Investigator
+ Course Modules/Units
 
Introduction to Mobile Forensics
Importance of Mobile Forensics
Challenges of Mobile Forensics
Handling and Preserving Evidence
File System for iOS Devices
Understanding the Basics of iOS
Understanding iOS Security Architecture
Mobile Forensics Tool Classification
Data Acquisition Types
iOS Jailbreaking
Idenifying an iOS Device
Physical Acquisition of iOS Devices
iTunes Backup Acquisition
Apple File Conduit Acquisition
iTunes Backup Analysis
iCloud Data Acquisition and Analysis
Analyzing Data on iOS Devices
Mobile Forensics Quiz
Securing the Network Perimeter 1 HourSkill Level: Intermediate  
+ Description
 

This course focuses on edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization, and securing against Single Point of Failure (SPOF).

Learning Objectives:

  • Identify perimeter and the approach to protecting that perimeter.
  • Understand methods to consider for blocking DoS and DDos traffic.
  • Apply specialized Access Control List considerations.
  • Implement firewalls and differentiate types to protect the perimeter.
  • Understand routing protocols and traffic prioritization for networks.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

CategorySpecialty AreaWork Roles
Investigate Digital Forensics Cyber Defense Forensics Analyst
Operate and Maintain Network Services Network Operations Specialist
Operate and Maintain Systems Analysis Systems Security Analyst
Protect and Defend Cyber Defense Analysis Cyber Defense Analyst
Protect and Defend Incident Response Cyber Defense Incident Responder
+ Course Modules/Units
 
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Point of Failures