Phase2 Advantage has partnered with Savannah Technical College to offer several self-study cybersecurity courses for individuals who are not able to attend classroom-based certification programs. This format allows students to learn at their own pace, in a comfortable environment, and receive a 60% discount off classroom-based courses. Enrolled students will have access to the Savannah Technical College Learning Management System for their course.
Certified Network Defense and Investigations Specialist
Self-Study Online Training
As digital crime increases exponentially, the need for investigative expertise in both government and civilian sectors has increased proportionally as well. The Network Defense and Investigations course provides students with methods and strategies to mitigate incident damage with efficient and effective response procedures, acquire crucial evidence in a forensically sound manner, identify and analyze the recovered evidence for relevant facts, and document and report details of the investigation in a manner consistent with professional industry standards. In many cases, the cybersecurity professional must also be prepared to offer expert witness testimony in civil and legal venues.
The course comprises 14 detailed chapters designed to align with academic calendars and presents topics such as Enterprise Network Devices and Services, Identity and Access Management, Biometric Security, Evidence Collection and Chain of Custody, Data Analysis, and Reporting and Documentation requirements. Immersive learning labs utilize the Project Ares® Cyber Range and Wireshark network protocol analyzer software.
Students should have knowledge of basic networking and TCP/IP protocols. A minimum of 12 months of work experience in the Information Security field or equivalent study is suggested.
Yes (via email)
24 / 7
Up to 6 Months
Course Training Materials
- Course Textbook (US Students)
- Textbook via Amazon (Non-US Students)
- Course Lab Exercises
- Practice Assessment Quizzes
- 40-Hour CPE Credit Certificate
- Knowledge Assessment Examination
Knowledge Assessment Exam
Upon completion of self-study courses, students will be prepared to sit for the knowledge assessment exam. The online examination will consist of True/False, Multiple Choice, and Fill in the Blank questions. The exam may be taken at any time within 6 months of purchasing the certification course.
Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification. Upon successful completion of the exam, students will be sent a hardcopy of their certification and their CPE credit documentation via email (PDF format) within 72 hours of the exam date.
Students will be allowed to use their notes on content presented during the course as well as their course study materials.
The Certified Network Defense and Investigations Specialist course is a component of the career progression track that supports the required Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The NICE framework provides a common language for describing cyber roles and jobs and can be referenced to define professional requirements in cybersecurity.
Course Outline and Knowledge Points
- Cyber Adversaries vs. Cyber Defenders
- Nation-State vs. Non-Nation-State Actors
- Components of the Threat Landscape
- Legal Challenges in Digital Investigations
- Challenges to Cyber Crime Investigations
- International Enforcement Challenges
- Security Architecture Frameworks
- Reference Security Architecture
- The Software Development Life Cycle
- Architectural Design Documentation
- Architectural Domains: The Four Pillars
- Zero Trust Networks
- Firewall Functionality and Logging
- Stateful vs. Stateless Inspection
- Host-, Network-, and Application-Based Firewalls
- Network Switches and Routers
- Intrusion Detection and Prevention Systems
- Unified Threat Management
- Enterprise Services
- Dynamic Host Configuration Protocol
- Domain Name System
- Enterprise Management Applications
- Antivirus Software
- Web and Database Servers
- Password Complexity and Policy
- Tokens, HOTP, and TOTP Controls
- Biometric and Geolocation Methods
- Kerberos, NTLM, LDAPS, and Active Directory
- SSO, SAML, OAuth, and OpenID Connect
- Access Control Models
- Providing Integrity with Hashing
- Symmetric Encryption Characteristics
- Asymmetric Encryption Characteristics
- Email: Using Cryptographic Protocols
- Public Key Infrastructure: Certificates
- Cryptography Security Threats
- Biometric Implementation
- Fingerprint Recognition Systems
- Facial Recognition Systems
- Iris and Retinal Imaging Systems
- Keystroke Dynamics
- Voice Recognition Systems
- Understanding Elements of Proof
- Incident Scene Management
- Chain of Custody
- The Purpose of Investigations
- Investigative Interview Strategies
- Documenting Interviews
- General Process for Performing Analysis
- Available Sources of Data
- Outlining the Analysis Approach
- Selection of Analysis Methods
- Special Considerations for Artifacts
- Evaluating Analysis Results
- The Need for Network Monitoring
- Types of Network Monitoring
- Setting Up a Network Monitoring System
- Network Surveillance
- Network Sensor Deployment
- Network Logging Challenges
- When to Perform a Live Response
- Live Response Challenges
- Selecting a Live Response Tool
- Data Collection Considerations
- Common Live Response Data
- Collection Best Practices
- Windows System Overview
- System and Event Logs
- Windows Registry Evidence
- Windows Services and Processes
- Memory Forensics
- Alternative Persistence Mechanisms
- Investigating Applications Overview
- Windows Application Data Storage
- General Investigative Methods
- Investigating Web Browsers
- Investigating E-Mail Clients
- Investigating Instant Message Clients
- Vulnerability Program Essentials
- Prioritizing Vulnerability and Risk
- Rating Vulnerability Levels
- Analyzing a Vulnerability Notification
- Establishing an Efficient Workflow
- Vulnerability Scanning Software
Course Learning Objectives
Upon successful completion of the Network Defense and Investigations Specialist course, participants will be able to:
- CLO #01: Identify the purpose of enterprise network devices such as firewalls (stateless, stateful, host, network, and application), switches, routers, access control lists, intrusion detection and prevention systems, unified threat management devices, and sources of critical logs.
- CLO #02: Describe the purpose of enterprise network services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), network-level DNS logging, management applications, antivirus software, quarantine files, and network log files.
- CLO #03: Examine the principles and purpose of secure network architecture, architecture security frameworks, implementation of supporting security controls, zero trust network foundations and assertions, and identifying network baselines and anomalies.
- CLO #04: Identify security technologies, risk management models, network and system defense methodologies, identity and access management practices, cryptographic protocols, threats to cryptographic protocols, and intrusion detection techniques.
- CLO #05: Summarize investigative practices that include elements of proof, field investigation toolkits, incident scene management, evidence dynamics, chain of custody, investigative interview strategies, non-verbal communication, and Locard’s Principle of Exchange.
- CLO #06: Evaluate critical sources of forensic evidence including Windows file systems, volatile and persistent memory, event logs, process tracking, web-based applications (browsers, email, and instant messages), malware files, and malicious websites.
Contact Us to Learn More
To find out more about Cybersecurity Courses and our full range of available client services, contact us today via the phone number or email address listed below.