ELIGIBILITY Students must meet ONE of these criteria: DoD service member on Title 10 status; DoD or Federal agency civilian; assigned to a U.S. government agency or an official representative of a government that has an existing MOU with the U.S. for cyber training; granted an exception by the DCITA Director.
IN-RESIDENCE AND ONLINE Students attend in-residence courses at the DCITA Schoolhouse in Linthicum, Md. Online training is delivered on the DCITA Portal (Learn.DCITA.edu), where students can access an array of educational resources, tools and technologies.
LA Log Analysis
This course provides foundational log analysis skills and experience using the tools needed to help detect a network intrusion. Students learn how to process logs from Windows and Linux operating systems, firewalls, intrusion detection systems and Web and e-mail servers. Applying their analytical skills, students learn how to assemble evidence found in logs to assist in tasks ranging from building a case to recognizing an intrusion.
Online (instructor-led): 50 hours over 5 weeks. Prerequisites: NIB (basic understanding of TCP/IP networking and the ability to navigate Windows and Linux systems from the command line recommended).
NIB Network Intrusions Basics
This course provides foundational knowledge needed to perform a network investigation. Students learn the language of intrusions and explore network fundamentals as they apply to network investigations. NIB is intended to provide core network investigation concepts to prepare students for DCITA’s advanced network investigations courses.
Online (self-paced): 10 hours. Prerequisites: None (INCH or CompTIA Network+ certification recommended).
FIWE Forensics and Intrusions in a Windows Environment
This foundational course for network investigations is a scenario-based training in how to conduct a full investigation of a network intrusion. Students conduct several forensic examinations, analyzing log data and network traffic, preparing an executive summary, creating an event timeline and performing malware analysis. The techniques presented prepare students to perform a variety of network investigations.
In-residence: 80 hours over 10 days. Blended delivery: 40 hours over 7 weeks online followed by 40 hours over 5 days in the DCITA Schoolhouse. Prerequisites: WFE-E or test-out and NIB.
NIT Network Intrusion Techniques
This boot camp-style course prepares students to take EC-Council’s Certified Ethical Hacker (CEH) certification exam to satisfy DoD Directive 8570 requirements. The course introduces students to the fundamental concepts of system vulnerability assessment and penetration testing. Students engage interactive environments to gain in-depth practical experience in scanning, attacking and securing systems. The techniques in this course will improve students’ understanding of detecting intrusions, creating policies, methods of social engineering, attack vectors using distributed denial of service (DDoS), and malware creation.
In-residence: 10 days. Prerequisites: INCH or FN or CompTIA Network+ certification and NIB (LIF and FIWE recommended).
CSF Cybersecurity Fundamentals
This boot camp-style course prepares students for the CompTIA Security+ certification. The course reviews the six domains of the Security+ exam: network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography.
In-residence: 5 days. Prerequisites: None (CompTIA Network+ certification and at least two years of experience in cyber defense roles recommended).
MA Malware Analysis
This course teaches basic to intermediate malware analysis techniques. Students create analytical reports resulting from static and dynamic analysis of malware that can be used to develop mitigation strategies.
In-residence: 5 days. Prerequisites: NIB and Security+ or Certified Ethical Hacker (CEH) certification.
LNI Live Network Investigations
This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.
In-residence: 10 days. Prerequisites: FIWE or test-out (NIT and two years of computer forensic examination experience recommended).
ICIT Introduction to Cyber Insider Threat
This scenario-based online course introduces the insider threat and presents methods for investigation and analysis. The course defines insider threat and explains the motivations, behavior indicators, tactics and techniques associated with threat activity in the cyber domain. Students explore technical and administrative resources used to identify and investigate insider-threat activity.
Online (self-paced): 6 hours. Prerequisites: None.
CTTS Cyber Threats and Techniques Seminar
This self-paced, online seminar examines the open nature of information communicated via social networking and outlines the digital footprint left during routine Internet use. The training covers techniques and tools adversaries use to gather personal data stored online and advises users on how to take control of their online identity and limit the amount of personal data that is potentially at risk.
Online (self-paced): 4 hours. Prerequisites: None.
DDP Digital Data Protection
This course introduces basic information about electronic devices including laptops, mobile phones, media players, GPS receivers and digital cameras, commonly used during travel. Given a travel scenario, students will successfully demonstrate effective physical measures and best practices for securing information, identify points of vulnerability, prevent information from being compromised and recognize whether information has been compromised.
In-residence: 40 hours over 5 days. Online (self-paced): 40 hours. Prerequisites: None.
CITA Cyber Insider Threat Analysis
This course defines insider threat, examines relevant laws and regulations, and explores motivations and indicators of insider threat agents. Students learn to review data from information sources that support investigations, such as system and network logs, detection tools, public records and agency checks, and use tools to analyze and evaluate information. Acquiring competency in the analytical process enables practitioners to identify probable cyber insider threat actors and develop strategies to mitigate or exploit the threat activity.
In-residence: 10 days. Prerequisites: INCH or test-out.
WFE-E-CI Windows Forensic Examinations–EnCase–Counterintelligence
This course introduces counterintelligence agents and digital media examiners to the basic concepts and practices of processing digital evidence in a CI-based scenario. Building on the Computer Incident Responders Course (CIRC), WFE-E-CI presents a comprehensive forensic examination process, including technical procedures, reporting and expert witness testimony. Students set up a forensic workstation and conduct an examination of a Windows system using the EnCase forensic tool.
In-residence: 10 days. Prerequisites: CIRC or test-out.
CAC Cyber Analyst Course
This course presents analytical methodologies and information sources applicable to a cyber environment. Topics include interpreting analysis and forensic reports, Internet research, computer system and network analysis, log analysis, data-hiding techniques and intrusion identification. Provided with incident and technical reports, log files and access to online repositories, students will conduct analysis and create analytical products, including a written report and a link analysis chart.
In-residence: 10 days. Prerequisites: INCH or test-out.
OUT Online Undercover Techniques
This course provides investigators with the foundational knowledge and skills needed to successfully operate in cyberspace while maintaining the integrity of their investigations and operations. Students learn how to construct and operate an online undercover persona, and how to investigate one. This course is designed for those involved in counterintelligence or criminal investigations.
In-residence: 5 days. Prerequisites: None.
CIRC Computer Incident Responders Course
This course teaches students the skills needed to perform as first responders, competent in safely and securely collecting digital media and knowledgeable of legal considerations and limitations. Students learn to find and extract volatile information from computers and networking devices. To obtain images of media in a networked environment, students use several methods and tools, including EnCase, FTK Imager, dc3dd and hardware write-blocking devices.
In-residence: 80 hours over 10 days. Blended delivery: 56 hours over 5 weeks online followed by 24 hours over 3 days in-residence at the DCITA schoolhouse. Prerequisites: INCH or test-out.
MCIU Managing Cyber Investigation Units
This online course prepares students to take on or support the role of manager of a cyber investigation unit (CIU). Major topics include establishing a cyber investigation unit, budgeting and procurement, personnel selection and managing investigations. Students learn how to establish a CIU on an organizational level and direct operational policies. The course explores requirements for personnel and facilities, and the importance of training to maintain consistent lab quality.
Online (instructor-led): 30 hours over 3 weeks. Prerequisites: None.
ICI Introduction to Cyber Investigations
This online course prepares students to perform or support the role of case agent for basic cyber investigations. Students learn basic technical concepts and the legal framework that guides how cyber investigations are conducted. Major topics include an overview of cyber investigations, technical and legal fundamentals, special aspects of cyber case management (including online evidence collection), and subjects of cyber investigations.
Online (instructor-led): 40 hours over 4 weeks. Prerequisites: None.
LDSA Large Data Set Acquisitions
This course teaches the technology and best practices for collecting evidence and preserving critical data on large data sets, and addresses the legal aspects of collecting data across multiple jurisdictions. The course focuses on redundant array of independent disks (RAID), network attached storage (NAS), and storage area network (SAN) devices. Students learn to assess these storage systems and gain experience in techniques for collecting critical evidence from large data sets.
In-residence: 5 days. Prerequisites: CIRC or test-out.
NMC Network Monitoring Course
This course provides the knowledge and skills for students to be able to capture selected traffic on a data network and conduct a preliminary analysis of the data. Students learn to plan the event, assess the network, place the sensor, capture the data, and begin to analyze it. Wireless monitoring and legal aspects of network monitoring are also covered.
In-residence: 5 days. Prerequisites: INCH or test-out.
IMD Introduction to Mobile Devices
The IMD course presents techniques for collecting, documenting and reporting data found on mobile devices. Students learn how mobile phones, media players and GPS devices work and become familiar with the types of data found on them. Using UFED, Cellebrite’s mobile device analysis tool, students learn to extract data and collect information relevant to investigations.
Blended delivery: 16 hours over 2 weeks online, followed by 40 hours over 5 days at the DCITA Schoolhouse. Prerequisites: None.
WFE-E Windows Forensic Examinations-EnCase
This course builds on the Computer Incident Responders Course (CIRC) and presents a comprehensive forensic examination process, including technical procedures, reporting and expert witness testimony. Using the EnCase forensic tool, students learn to conduct fundamental examinations of Windows systems against the backdrop of a law enforcement scenario. Students set up a forensic workstation and conduct an examination.
In-residence: 80 hours over 10 days. Blended delivery: 40 hours over 4 weeks online followed by 40 hours over 5 days at the DCITA Schoolhouse. Prerequisites: CIRC or test-out.
DEF Deployable Forensics
This course teaches students how to recover time-sensitive, mission-relevant information from digital media quickly and competently in a hostile environment. Students learn the steps for conducting basic forensic examinations using common forensic software tools. Main course topics include identifying hardware and digital media, using data search and recovery techniques, configuring and using common forensic software tools and imaging digital media.
In-residence: 10 days (also available as Mobile Team Training). Prerequisites: None.
WFE-FTK Windows Forensic Examinations-Forensic Toolkit
This course builds on the Computer Incident Responders Course (CIRC) and teaches a comprehensive forensic examination process, including technical procedures, reporting and expert witness testimony. Using Forensic Toolkit (FTK) software, students learn to conduct fundamental examinations of Windows systems against the backdrop of a law enforcement scenario. Students set up a forensic workstation and conduct an examination.
In-residence: 10 days. Prerequisites: CIRC or test-out.
MCFE Macintosh Forensic Examinations
This course teaches forensic examination concepts and processes for Macintosh operating systems, including the latest OS X operating system, Mavericks. Provided with a Mavericks forensic image, students use EnCase and other software tools to conduct a thorough examination of a Macintosh system. Students also examine a backup image of an iDevice using Mobile Phone Examiner.
In-residence: 5 days. Prerequisites: WFE-E or test-out.
AFC Advanced Forensic Concepts
This course examines advanced digital forensic concepts not typically addressed at the basic and intermediate levels. Topics include the analysis of complex computer constructs and artifacts such as deleted partitions, encryption and volatile memory. Students learn to recover social media artifacts, passwords and encrypted data not otherwise apparent during traditional dead box forensics.
In-residence: 5 days. Prerequisites: WFE-E or test-out or a comparable computer forensic certification, e.g., CFCE, ACE, EnCE (at least two years of experience with forensic examinations recommended).
INCH Introduction to Networks and Computer Hardware
This foundational course teaches basic computer and network theory, and component identification and function. Students explore common operating system functionality, focusing on use of the command line in Microsoft Windows and Linux. The course material and associated practical exercises introduce security terminology and techniques.
In-residence: 80 hours over 2 weeks. Online (instructor-led): 80 hours over 7 weeks. Prerequisites: None.
FN Fundamentals of Networking
This is a boot camp-style course that prepares students for the CompTIA Network+ certification exam. The course presents essential network technology concepts, including network hardware, cabling and topologies, and the methods to configure them. Students learn many of the common protocols used in networking and how network technologies make use of them. After gaining a firm understanding of foundational networking information, students learn many security measures available to protect a network. Additionally, students learn basic network troubleshooting techniques.
In-residence: 40 hours over 1 week. Online (instructor-led): 40 hours over 8 weeks. Prerequisites: None (At least nine months of experience in IT networking and CompTIA A+ certification or equivalent knowledge recommended).
LIF Linux Intermediate Fundamentals
This online course teaches the core techniques, concepts and fundamentals of Linux system operation. Students acquire intermediate Linux command line skills used in cyber investigation studies and real-world investigation and security. Students gain competency in functions relevant to standard Linux environments, including user and permission configuration and partition and file system manipulation.
Online (instructor-led): 30 hours over 3 weeks. Prerequisites: INCH or test-out (Basic knowledge of Linux recommended). Credit: Eligible for CompTIA continuing education units.
WT Wireless Technology
This course examines wireless technologies from an investigative perspective. Students learn basic wireless communication concepts that help them understand the capabilities, limitations and vulnerabilities of wireless technologies. By working through a variety of hands-on exercises, students experience wireless attacks from the perspectives of attacker and victim.
In-residence: 5 days. Prerequisites: None (Familiarity with Linux commands and networking theory recommended). Credit: Eligible for CompTIA continuing education units.