DC3 Twitter DC3 YouTube DC3 LinkedIn DC3 Facebook
DC3 Banner


RT120, Computer Incident Responders Course (CIRC)


Who Should Attend:
DCIO Federal and CI investigators and prospective lab examiners.

Prerequisites:
TT110 (INCH) or Test out

Duration:
10 Days

Course Description:
In this First Response course, students learn how to seize and preserve digital evidence. They get extensive practice imaging hard disks, USB drives, and other media using a variety of methods and tools, including EnCase, FTK Imager, dc3dd, and hardware write-blocking devices. Using several operating systems, students learn to find and extract volatile information of evidentiary value, such as log files, user information, and access rights. They also learn what user information may reside only on network servers, such as user profile and e-mail content, and how to acquire it. Networking sections emphasize network topology so that students understand which log files contain potential evidence and where to find them. In addition, students get extensive practice collecting images in a network environment.

Objectives:


  • Demonstrate first responder basics of Microsoft Windows, Linux, and Sun Solaris network environments
  • Explain incident response preparation
  • Practice evidence collection for first responders to a network incident

Topics Covered:

Evidence Handling

  • Learn basic first response evidence collection and preservation techniques for different network operating systems
  • Learn the necessary preparatory actions for responding to a home computer environment or a network incident
  • Learn tools and system commands for first response evidence collection in Sun Solaris, Fedora Linux, and Windows network operating systems.
  • Volatile information
  • Imaging

Network Protocols

  • Know what function different network protocols provide
  • Identify the OSI Model, its seven layers and how they relate to network evidence
  • Know the TCP/IP protocol stack and the functions of its protocols

Routers and Firewalls

  • Know the main functions of a router and firewall and identify what type of information can be gathered on-site
  • Understand what routers and firewalls are and how they work
  • Identify what information can be secured from a router or firewall to help in a network investigation

Network Sniffers and IDS

  • Know the main functions of a sniffer or intrusion detection system and identify what type of information can be gathered on-site
  • Understand what sniffers and intrusion detection systems are and how they work
  • Identify how sniffers are used by both hackers and investigators
  • Learn how investigators use intrusion detection systems

CIRC Course Description

Page Last Modified: 09 May 2012  |  Page Last Reviewed: 09 May 2012   |   External Link Disclaimer   |   Security and Privacy Policy   |   No FEAR Act  |  DoD   |   USA.gov