Phase2 Advantage  |  Phone: 912.335.2217  |  Email: info@phase2advantage.com

Certified Network Forensic Analysis Manager

Course Description

Instructor-Led Classroom: Certified Network Forensic Analysis Manager

The Certified Network Forensic Analysis Manager certification course was originally developed for the U.S. government, and has now been made available to city, county, and state law enforcement agencies. Civilian personnel outside of the law enforcement community are also authorized to attend and will receive practical training for their business environments.

This comprehensive course brings incident response and network forensic core competencies to advanced levels by presenting students with 12 detailed learning objectives. Students will be provided with both experiential knowledge and practical skills that simulate real-world scenarios, investigations, and recovery of evidentiary data in systems and networks. With a specific focus on the centralizing and investigating of logging systems and network devices, students will cover topics such as: Incident Response Management; Live Data Collection; Analysis Methodology; Malware Triage; and, practical lab exercises utilizing the Wireshark packet capturing tool for network investigations.

Course Outline and Learning Objectives

  • Network Forensics vs. Digital Forensics
  • What Constitutes an Incident?
  • The Incident Response Life Cycle
  • What is Incident Response?
  • Concept of the Attack Life Cycle
  • 7 Stages of the Attack Life Cycle
  • Common Security Incidents
  • Goals of Incident Response
  • Incident Response Team Considerations
  • Indicators of Compromise (IOC)
  • Analyzing Data Evidence
  • Tracking Investigative Information
  • Defining the Network Forensic Mission
  • Internal Communication Procedures
  • External Communication Procedures
  • Forensic Team Deliverables
  • Building a Field Forensic System
  • Preparing the Infrastructure
  • Time Zones and Investigative Timelines
  • Collecting Initial Facts
  • Network and Incident Checklists
  • Maintaining Case Notes
  • Building an Attack Timeline
  • Defining Leads of Value
  • Turning Leads into Indicators
  • The Life Cycle of Indicator Generation
  • Indicator Verification
  • Resolving Internal Leads
  • Reporting Findings to Law Enforcement
  • When to Perform a Live Response
  • Live Response Challenges
  • Selecting a Live Response Tool
  • Data Collection Considerations
  • Common Live Response Data
  • Collection Best Practices
  • The Case for Network Monitoring
  • Types of Network Monitoring
  • Setting Up a Network Monitoring System
  • Network Surveillance
  • Network Sensor Deployment
  • Network Logging Challenges
  • Enterprise Services
  • Dynamic Host Configuration Protocol
  • Domain Name System
  • Enterprise Management Applications
  • Antivirus Software
  • Web Servers
  • General Process for Performing Analysis
  • Available Sources of Data
  • Outlining the Analysis Approach
  • Selection of Analysis Methods
  • Special Considerations for Artifacts
  • Evaluating Analysis Results
  • Malware Triage Concepts
  • Malware Handling Procedures
  • Malware Distribution and Documentation
  • Physical and Virtual Triage Environments
  • Automated, Manual, Static, and Dynamic Analysis
  • Malware Runtime Monitoring
  • Effective Incident Remediation
  • Assigning a Remediation Owner
  • Remediation Posturing Actions
  • Eradication Plan Development
  • Plan Timing and Execution
  • Strategic Recommendations and Lessons Learned
  • Virtual Machine Setup in Kali Linux
  • The Wireshark User Interface
  • Customizing Wireshark Settings
  • Applying Capture Filters
  • Applying Display Filters
  • Color Rules and Packet Export
  • Creating Tables and Graphs
  • File and Object Reassembly
  • Adding Comments to Trace Files
  • Command-Line Capture Tools

Hard Copy Course Materials (Included)

Course Textbook
Course Lab Textbook

Exam Prep Guide
Course Workbook & Labs

Lab Images (if Applicable)
Domain Assessment Quizzes

CPE Credit Certificate
Certification Examination

Certification Examination

Phase2 Advantage Cyber Security Certification Examination

Upon completion of instructor-led classroom courses, students will be prepared to sit for the certification examination. The proctored examination will be offered at the conclusion of the final training day consisting of True/False, Multiple Choice, and Fill in the Blank questions.

Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification. Upon successful completion of the exam, students will receive a hardcopy of their certification and a proctor validation document from the course instructor. Students will also receive a 40-hour CPE Certificate regardless of their exam score.

The examination is “closed book.” However, students will be allowed to use their notes on material presented during the course.  Students will be required to turn off and secure digital devices, remain in the classroom, and refrain from distracting actions while the examination is in progress.

Additional Information

LANGUAGE

DURATION

LABS

CPE CREDIT

COURSE FEE

English

5 Days

Yes

40 CPE Credits

$3,000

Certification Exam, Course Materials, and Daily Lunches Included in Course Fee.

All Phase2 Advantage cyber security certification courses taught in a classroom format are conducted at Savannah Technical College in Savannah, Georgia.

The colleges’ five campus locations – Savannah Campus, Liberty Campus, Effingham Campus, Crossroads Campus, and the Fort Stewart Army Education Center – are conveniently located near major hotels, restaurants, and the Savannah / Hilton Head International Airport. Attractions such as Historic Downtown Savannah, River Street, Crosswinds Golf Club, and the beaches of Tybee Island are just a short distance from the Savannah training campus.

The Certified Network Forensic Analysis Manager course is a component of the career progression track that supports the required Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.

Contact Us:  912.335.2217

Certification Courses ● Training Quotes Available Discounts