FedVTE Course Catalog

This course covers the history, risks, and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.

Learning Objectives:

• Define cryptocurrency and compare it to traditional currency.
• Describe the history of cryptocurrency.
• State the elements of a cryptocurrency transaction and their roles.
• Describe safety measures taken to protect cryptocurrency.
• Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement.
• Evaluate apps and websites that could be linked to cryptocurrency.
• Compare degrees of anonymity of various cryptocurrencies.
• Compare legal and illegal uses of cryptocurrency.
• Evaluate the legality of different cryptocurrency scenarios.
• Identify notable cases of illegal uses of cryptocurrency found in recent headlines.

Date: 2019

Training Purpose: Investigate

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.

Learning Objectives:

• Describe essential computing communication concepts.
• Identify digital evidence sources and handling.
• Apply techniques to examine applications for target information.

Date: 2017

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course discusses the basic concepts of cybersecurity and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques, and tools in support of cyber security investigations.

Learning Objectives:

• Understand the process of integrating forensics collection and analysis program into an organization.
• Recognize concepts involved in the Forensic Process.
• Apply necessary preparation to perform collections and incident response according to best practices.
• Understand methods, goals and objectives for digital forensic collection activities.
• Apply techniques and tools for conducting evidence collection, triage, and log analysis.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:

• Vulnerability report receipt and intake
• Developing and publishing a vulnerability disclosure policy
• Developing vulnerability disclosure handling procedures
• Developing a vulnerability disclosure capability development
• Reporting metrics

After completing this course, participants should be able to

• Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
• Describe the minimum capacity needed to support your vulnerability disclosure handling process.
• Explain how vulnerability disclosure and handling is dependent on successful human interaction.
• Explain the importance of establishing trust and good relationships with reporters and stakeholders.
• List the key resources that can help your agency build your VDP and supporting processes.
• Meet the requirements to develop and publish a VDP and supporting handling process.
• Understand how and when to work with CISA for assistance and escalation.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.

Learning Objectives:

• Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
• List steps in the computer forensics process and goals for each step.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.

Learning Objectives:

• Discuss the threat and data landscape.
• Apply traditional intelligence tradecraft to the Cyber Domain.
• Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
• Describe structured analytical techniques and biases.
• Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.

Date: 2020

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.

Date: 2012

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.

Learning Objectives:

• Discover mobile device technology components and architectures and how to properly secure them.
• Examine historical and current threats to mobile devices and methods for remediating against them.
• Establish best practices and procedures for performing mobile device forensic investigations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course provides an overview of mobile forensics, the branch of digital forensics that focuses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations have grown exponentially with data from mobile devices becoming crucial evidence in a wide array of incidents. The course begins with highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.

Learning Objectives:

• Describe the impact of mobile devices on investigations.
• Identify iOS device filesystem, operating system, and security architecture basics.
• Explain acquisition and analysis tools and techniques for iOS devices.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization, and securing against Single Point of Failure (SPOF).

Learning Objectives:

• Identify perimeter and the approach to protecting that perimeter.
• Understand methods to consider for blocking DoS and DDos traffic.
• Apply specialized Access Control List considerations.
• Implement firewalls and differentiate types to protect the perimeter.
• Understand routing protocols and traffic prioritization for networks.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.

Learning Objectives:

• Present an overview of ransomware attacks
• Identify preventative measures to block ransomware attacks
• Discuss incident response best practices for ransomware attacks
• Detail ways to implement recovery measure after a ransomware attack
• Learn to strategically plan the development and implementation of your CSIRT.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Identify the purpose of firewalls
• Present the importance of implementing firewall rules
• Identify specific firewall rules to apply

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Present the definition of a DNS Sinkhole
• Identify key terms related to the Sinkholing process
• Explain the importance of implementing a DNS Sinkhole

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Define Server Message Block
• Identify the three versions of SMB
• Present the importance of disabling SMBv1

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.

This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.

This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Backup Active Directory on a Domain Controller
• Restore Active Directory on a Domain Controller

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.

This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Reset the KRBTGT Account password

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.

Learning Objectives:

• Develop an investigative process for the digital forensic investigation.
• Explain methods of focusing investigations through analysis of multiple evidence sources.
• Effectively prepare for incident response of both victim and suspect systems.
• Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
• Identify common areas of malicious software activity and characteristics of various types of malicious software files.
• Confidently perform live response in intrusion investigation scenarios.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework