Phase2 Advantage Cybersecurity and Certifications

Certified Network Defense and Investigations Specialist

Instructor-Led Online Training

Network Defense and Investigations

As digital crime increases exponentially, the need for investigative expertise in both government and civilian sectors has increased proportionally. The Network Defense and Investigations course provides students with methods and strategies to mitigate incident damage with efficient and effective response procedures, acquire crucial evidence in a forensically sound manner, identify and analyze the recovered evidence for relevant facts, and document and report details of the investigation in a manner consistent with professional industry standards. In many cases, the cybersecurity professional must also be prepared to offer expert witness testimony in civil and legal venues.

Across 14 detailed chapters designed to align to academic calendars, students are presented with topics such as Enterprise Network Devices and Services, Identity and Access Management, Biometric Security, Evidence Collection and Chain of Custody, Data Analysis, and Reporting and Documentation requirements. The content of this textbook is aligned for use with immersive cybersecurity labs produced by Jones & Bartlett Learning, Pearson Education, Cengage, and Project Ares® by Circadence.

Students should have knowledge of basic networking and TCP/IP protocols. A minimum of 12 months of work experience in the Information Security field or equivalent study is suggested.

COURSE DATE

TBD by Client

CLASS SIZE

8+ Students Minimum

LMS ACCESS

24 / 7

COURSE FEE

$3,000 per Student

COURSE DURATION

40 Hours

Course Training Materials

Course Textbook (US Students)

Textbook via Amazon (Non-US Students)

Course Lab Exercises

Practice Assessment Quizzes

40-Hour CPE Credit Certificate

Knowledge Assessment Examination

Phase2 Advantage has partnered with Savannah Technical College to offer several instructor-led cybersecurity courses for individuals who are not able to attend classroom-based certification programs. This format provides students with the benefit of instructor-led courses from the comfort of their home or office. Enrolled students will have access to the Savannah Technical College Learning Management System for their courses and exams.

NICE Cybersecurity Workforce Framework

The Certified Network Defense and Investigations Specialist course is a component of the career progression track that supports the required Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The framework provides a common language to speak about cyber roles and jobs and can be referenced to define professional requirements in cybersecurity.

Course Outline and Knowledge Points

  • Cyber Adversaries vs. Cyber Defenders
  • Nation-State vs. Non-Nation-State Actors
  • Components of the Threat Landscape
  • Legal Challenges in Digital Investigations
  • Challenges to Cyber Crime Investigations
  • International Enforcement Challenges
  • Security Architecture Frameworks
  • Reference Security Architecture
  • The Software Development Life Cycle
  • Architectural Design Documentation
  • Architectural Domains: The Four Pillars
  • Zero Trust Networks
  • Firewall Functionality and Logging
  • Stateful vs. Stateless Inspection
  • Host-, Network-, and Application-Based Firewalls
  • Network Switches and Routers
  • Intrusion Detection and Prevention Systems
  • Unified Threat Management
  • Enterprise Services
  • Dynamic Host Configuration Protocol
  • Domain Name Systems
  • Enterprise Management Applications
  • Antivirus Software
  • Web and Database Servers
  • Password Complexity and Policy
  • Tokens, HOTP, and TOTP Controls
  • Biometric and Geolocation Methods
  • Kerberos, NTLM, LDAPS, and Active Directory
  • SSO, SAML, OAuth, and OpenID Connect
  • Access Control Models
  • Providing Integrity with Hashing
  • Symmetric Encryption Characteristics
  • Asymmetric Encryption Characteristics
  • Email: Using Cryptographic Protocols
  • Public Key Infrastructure: Certificates
  • Cryptography Security Threats
  • Biometric Implementation
  • Fingerprint Recognition Systems
  • Facial Recognition Systems
  • Iris and Retinal Imaging Systems
  • Keystroke Dynamics
  • Voice Recognition Systems
  • Understanding Elements of Proof
  • Incident Scene Management
  • Chain of Custody
  • The Purpose of Investigations
  • Investigative Interview Strategies
  • Documenting Interviews
  • General Process for Performing Analysis
  • Available Sources of Data
  • Outlining the Analysis Approach
  • Selection of Analysis Methods
  • Special Considerations for Artifacts
  • Evaluating Analysis Results
  • The Need for Network Monitoring
  • Types of Network Monitoring
  • Setting Up a Network Monitoring System
  • Network Surveillance
  • Network Sensor Deployment
  • Network Logging Challenges
  • When to Perform a Live Response
  • Live Response Challenges
  • Selecting a Live Response Tool
  • Data Collection Considerations
  • Common Live Response Data
  • Collection Best Practices
  • Windows System Overview
  • System and Event Logs
  • Windows Registry Evidence
  • Windows Services and Processes
  • Memory Forensics
  • Alternative Persistence Mechanisms
  • Investigating Applications Overview
  • Windows Application Data Storage
  • General Investigative Methods
  • Investigating Web Browsers
  • Investigating E-Mail Clients
  • Investigating Instant Message Clients
  • Vulnerability Program Essentials
  • Prioritizing Vulnerability and Risk
  • Rating Vulnerability Levels
  • Analyzing a Vulnerability Notification
  • Establishing an Efficient Workflow
  • Vulnerability Scanning Software

Contact Us to Register for Training

To find out more about registration for this certification course, contact us today via the phone number or email address listed below.

OFFICE:
(912) 335-2217

EMAIL:
michael.kaplan@phase2advantage.com