Network Defense and Investigations
As digital crime increases exponentially, the need for investigative expertise in both government and civilian sectors has increased proportionally as well. The Network Defense and Investigations course textbook provides students with methods and strategies to mitigate incident damage with efficient and effective response procedures, acquire crucial evidence in a forensically sound manner, identify and analyze the recovered evidence for relevant facts, and document and report details of the investigation in a manner consistent with professional industry standards.
Comprised of 14 detailed chapters designed to align to academic calendars, students are presented with topics such as Enterprise Network Devices and Services, Identity and Access Management, Biometric Security, Evidence Collection and Chain of Custody, Data Analysis, and Reporting and Documentation requirements. Immersive learning labs utilize the Project Ares® Cyber Range and Wireshark network protocol analyzer software.
Paperback: 324 Pages
Textbook Chapters and Key Knowledge Points
Click the blue arrow to the left of the chapter title to view an expanded list of key knowledge points.
- Cyber Adversaries vs. Cyber Defenders
- Nation-State vs. Non-Nation-State Actors
- Components of the Threat Landscape
- Legal Challenges in Digital Investigations
- Challenges to Cyber Crime Investigations
- International Enforcement Challenges
- Security Architecture Frameworks
- Reference Security Architecture
- The Software Development Life Cycle
- Architectural Design Documentation
- Architectural Domains: The Four Pillars
- Zero Trust Networks
- Firewall Functionality and Logging
- Stateful vs. Stateless Inspection
- Host-, Network-, and Application-Based Firewalls
- Network Switches and Routers
- Intrusion Detection and Prevention Systems
- Unified Threat Management
- Enterprise Services
- Dynamic Host Configuration Protocol
- Domain Name Systems
- Enterprise Management Applications
- Antivirus Software
- Web and Database Servers
- Password Complexity and Policy
- Tokens, HOTP, and TOTP Controls
- Biometric and Geolocation Methods
- Kerberos, NTLM, LDAPS, and Active Directory
- SSO, SAML, OAuth, and OpenID Connect
- Access Control Models
- Providing Integrity with Hashing
- Symmetric Encryption Characteristics
- Asymmetric Encryption Characteristics
- Email: Using Cryptographic Protocols
- Public Key Infrastructure: Certificates
- Cryptography Security Threats
- Biometric Implementation
- Fingerprint Recognition Systems
- Facial Recognition Systems
- Iris and Retinal Imaging Systems
- Keystroke Dynamics
- Voice Recognition Systems
- Understanding Elements of Proof
- Incident Scene Management
- Chain of Custody
- The Purpose of Investigations
- Investigative Interview Strategies
- Documenting Interviews
- General Process for Performing Analysis
- Available Sources of Data
- Outlining the Analysis Approach
- Selection of Analysis Methods
- Special Considerations for Artifacts
- Evaluating Analysis Results
- The Need for Network Monitoring
- Types of Network Monitoring
- Setting Up a Network Monitoring System
- Network Surveillance
- Network Sensor Deployment
- Network Logging Challenges
- When to Perform a Live Response
- Live Response Challenges
- Selecting a Live Response Tool
- Data Collection Considerations
- Common Live Response Data
- Collection Best Practices
- Windows System Overview
- System and Event Logs
- Windows Registry Evidence
- Windows Services and Processes
- Memory Forensics
- Alternative Persistence Mechanisms
- Investigating Applications Overview
- Windows Application Data Storage
- General Investigative Methods
- Investigating Web Browsers
- Investigating E-Mail Clients
- Investigating Instant Message Clients
- Vulnerability Program Essentials
- Prioritizing Vulnerability and Risk
- Rating Vulnerability Levels
- Analyzing a Vulnerability Notification
- Establishing an Efficient Workflow
- Vulnerability Scanning Software
Training institutions that adopt the Network Defense and Investigations textbook for use in their course curricula may request corresponding instructor resources at no additional cost. These resources include lecture presentation slides, question text banks for each of the 14 chapters, and lab resource guides. For more information please contact Phase2 Advantage.
All Phase2 Advantage digital course materials – including textbooks, lab guides, and lecture slides in PDF and PPT formats – are ADA accessible and score 100% on major Learning Management Systems such as Moodle, Blackboard, Canvas, and LearnUpon. For more information please contact Phase2 Advantage or visit our Higher Education page in this website.
Course Learning Objectives
- CLO #01: Identify the purpose of enterprise network devices such as firewalls (stateless, stateful, host, network, and application), switches, routers, access control lists, intrusion detection and prevention systems, unified threat management devices, and sources of critical logs.
- CLO #02: Describe the purpose of enterprise network services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), network-level DNS logging, management applications, antivirus software, quarantine files, and network log files.
- CLO #03: Examine the principles and purpose of secure network architecture, architecture security frameworks, implementation of supporting security controls, zero trust network foundations and assertions, and identifying network baselines and anomalies.
- CLO #04: Identify security technologies, risk management models, network and system defense methodologies, identity and access management practices, cryptographic protocols, threats to cryptographic protocols, and intrusion detection techniques.
- CLO #05: Summarize investigative practices that include elements of proof, field investigation toolkits, incident scene management, evidence dynamics, chain of custody, investigative interview strategies, non-verbal communication, and Locard’s Principle of Exchange.
- CLO #06: Evaluate critical sources of forensic evidence including Windows file systems, volatile and persistent memory, event logs, process tracking, web-based applications (browsers, email, and instant messages), malware files, and malicious websites.
Phase2 Advantage has partnered with VitalSource’s digital content publishing platform to offer cybersecurity training and credentialing capabilities to students around the globe. VitalSource, a subsidiary of the Ingram Content Group (Ingram Publishing), provides digital academic resources to over 7,000 academic institutions around the globe in support of their academic degree and professional development programs. Sampling has been enabled for all eligible faculty and staff.
Contact Us for Bookstore Orders
To find out more about bookstore orders or our full range of instructor resources, contact us today via the phone number or email address listed below.