ELIGIBILITY Students must meet ONE of these criteria: DoD service member, active duty, civilian, Reserve or National Guard on Title 10 status; or Federal agency Government employee.
IN-RESIDENCE AND ONLINE Students attend in-residence courses at the DCITA Schoolhouse in Linthicum, Md. Online training is delivered on the DCITA Portal (Learn.DCITA.edu), where students can access an array of educational resources, tools and technologies.
LA Log Analysis
This course provides foundational log analysis skills and experience using the tools needed to help detect a network intrusion. Students learn how to process logs from Windows and Linux operating systems, firewalls, intrusion detection systems and Web and e-mail servers. Applying their analytical skills, students learn how to assemble evidence found in logs to assist in tasks ranging from building a case to recognizing an intrusion.
Online (instructor-led): 50 hours over 5 weeks. Prerequisites: NIB (basic understanding of TCP/IP networking and the ability to navigate Windows and Linux systems from the command line recommended).
NIB Network Intrusions Basics
This course provides foundational knowledge needed to perform a network investigation. Students learn the language of intrusions and explore network fundamentals as they apply to network investigations. NIB is intended to provide core network investigation concepts to prepare students for DCITA’s advanced network investigations courses.
Online (self-paced): 10 hours. Prerequisites: None (INCH or CompTIA Network+ certification recommended).
FIWE Forensics and Intrusions in a Windows Environment
This foundational course for network investigations is a scenario-based training in how to conduct a full investigation of a network intrusion. Students conduct several forensic examinations, analyzing log data and network traffic, preparing an executive summary, creating an event timeline and performing malware analysis. The techniques presented prepare students to perform a variety of network investigations.
In-residence: 80 hours over 10 days. Prerequisites: WFE-E or test-out and NIB.
CEH Certified Ethical Hacker
This boot camp-style course prepares students to take EC-Council’s Certified Ethical Hacker (CEH) certification exam to satisfy DoD Directive 8570 requirements. The course introduces students to the fundamental concepts of system vulnerability assessment and penetration testing. Students engage with interactive environments to gain in-depth practical experience in scanning, attacking and securing systems. The techniques in this course will improve students’ understanding of detecting intrusions, creating policies, methods of social engineering, attack vectors using distributed denial of service (DDoS), and malware creation.
In-residence: 40 hours over 5 days. Prerequisites: INCH or NET+ or CompTIA Network+ certification and NIB (LXE and FIWE recommended).
This boot camp-style course prepares students for the CompTIA Security+ certification. The course reviews the six domains of the Security+ exam: network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography.
In-residence: 40 hours over 5 days. Prerequisites: None (CompTIA Network+ certification and at least two years of experience in cyber defense roles recommended).
TE Threat Emulation
This course addresses aspects of cyber threat emulation by having students define the steps and processes, employ the stages or phases of an attack, and carry out the replication of required threats.
In-residence: 40 hours over 5 days. Prerequisites: CPT-CTE Tech Track (Cyber Operations Training School, e.g., completion of A school or A-school equivalent, or JCAC recommended. Students must have the prerequisite background experience or equivalent to understand the material. This information is covered in INCH, CIRC-FC, WFE-E and FIWE.)
MA Malware Analysis
This course teaches basic to intermediate malware analysis techniques. Students create analytical reports resulting from static and dynamic analysis of malware that can be used to develop mitigation strategies.
In-residence: 5 days. Prerequisites: NIB and Security+ or Certified Ethical Hacker (CEH) certification.
LNI Live Network Investigations
This course trains students to conduct an intrusion investigation on large-scale, heterogeneous networks actively under attack. Students learn to assess the scope of a live, dynamic incident and apply several investigative techniques while on scene to identify the source, target and methods of a compromise by using free, readily available tools.
In-residence: 10 days. Prerequisites: FIWE or test-out (NIT and two years of computer forensic examination experience recommended).
ICIT Introduction to Cyber Insider Threat
This scenario-based online course introduces the insider threat and presents methods for investigation and analysis. The course defines insider threat and explains the motivations, behavior indicators, tactics and techniques associated with threat activity in the cyber domain. Students explore technical and administrative resources used to identify and investigate insider-threat activity.
Online (self-paced): 6 hours. Prerequisites: None.
CTTS Cyber Threats and Techniques Seminar
This self-paced, online seminar examines the open nature of information communicated via social networking and outlines the digital footprint left during routine Internet use. The training covers techniques and tools adversaries use to gather personal data stored online and advises users on how to take control of their online identity and limit the amount of personal data that is potentially at risk.
Online (self-paced): 4 hours. Prerequisites: None.
DDP Digital Data Protection
This course introduces basic information about electronic devices including laptops, mobile phones, media players, GPS receivers and digital cameras, commonly used during travel. Given a travel scenario, students will successfully demonstrate effective physical measures and best practices for securing information, identify points of vulnerability, prevent information from being compromised and recognize whether information has been compromised.
In-residence: 40 hours over 5 days. Online (self-paced): 40 hours. Prerequisites: None.
CITA Cyber Insider Threat Analysis
This course defines insider threat, examines relevant laws and regulations, and explores motivations and indicators of insider threat agents. Students learn to review data from information sources that support investigations, such as system and network logs, detection tools, public records and agency checks, and use tools to analyze and evaluate information. Acquiring competency in the analytical process enables practitioners to identify probable cyber insider threat actors and develop strategies to mitigate or exploit the threat activity.
In-residence: 10 days. Prerequisites: INCH or test-out.
CAC Cyber Analyst Course
This course presents analytical methodologies and information sources applicable to a cyber environment. Topics include interpreting analysis and forensic reports, Internet research, computer system and network analysis, log analysis, data-hiding techniques and intrusion identification. Provided with incident and technical reports, log files and access to online repositories, students will conduct analysis and create analytical products, including a written report and a link analysis chart.
In-residence: 10 days. Prerequisites: INCH or test-out.
OUT Online Undercover Techniques
This course provides investigators with the foundational knowledge and skills needed to successfully operate in cyberspace while maintaining the integrity of their investigations and operations. Students learn how to construct and operate an online undercover persona, and how to investigate one. This course is designed for those involved in counterintelligence or criminal investigations.
In-residence: 5 days. Prerequisites: None.
CIRC-FC Computer Incident Responders Course–Forensic Concepts
This course provides an introduction to computer forensics concepts, terminology and management of digital evidence. The course covers the identification, collection and preservation of computer-related and digital evidence, the acquisition of digital evidence, and basic forensic analysis concepts.
In-residence: 40 hours over 5 days. Prerequisites: INCH or test-out.
KT-C Key Terrain-Cyberspace
Developed in response to the need for cyber mission analysis training, this course provides an understanding of how cyber systems enable the real-world mission. The course teaches the concepts of mission analysis, cyber dependencies and effective interviewing, and presents an overview of risk analysis.
In-residence: 40 hours over 5 days. Prerequisites: None. (Cyber Operations Training School, e.g., completion of A school or A-school equivalent, or JCAC, and completion of CCTC recommended.)
MCIU Managing Cyber Investigation Units
This online course prepares students to take on or support the role of manager of a cyber investigation unit (CIU). Major topics include establishing a cyber investigation unit, budgeting and procurement, personnel selection and managing investigations. Students learn how to establish a CIU on an organizational level and direct operational policies. The course explores requirements for personnel and facilities, and the importance of training to maintain consistent lab quality.
Online (instructor-led): 30 hours over 3 weeks. Prerequisites: None.
ICI Introduction to Cyber Investigations
This online course prepares students to perform or support the role of case agent for basic cyber investigations. Students learn basic technical concepts and the legal framework that guides how cyber investigations are conducted. Major topics include an overview of cyber investigations, technical and legal fundamentals, special aspects of cyber case management (including online evidence collection), and subjects of cyber investigations.
Online (instructor-led): 40 hours over 5 weeks. Prerequisites: None.
LDSA Large Data Set Acquisitions
This course teaches the technology and best practices for collecting evidence and preserving critical data on large data sets, and addresses the legal aspects of collecting data across multiple jurisdictions. The course focuses on redundant array of independent disks (RAID), network attached storage (NAS), and storage area network (SAN) devices. Students learn to assess these storage systems and gain experience in techniques for collecting critical evidence from large data sets.
In-residence: 5 days. Prerequisites: CIRC or test-out.
NTC Network Traffic Collection
This course teaches students how to strategically place a monitoring sensor on a network to capture traffic to and from a specific host. Students learn how to evaluate a network, both physically and logically, to determine proper sensor placement. Students also learn how to filter network traffic to comply with wiretap authority, hide the presence of the monitoring workstation on the network, and evaluate captured traffic for the proper content.
In-residence: 40 hours over 5 days. Prerequisites: CIRC-FC or test-out.
IMD Introduction to Mobile Devices
The IMD course presents techniques for collecting, documenting and reporting data found on mobile devices. Students learn how mobile phones, media players and GPS devices work and become familiar with the types of data found on them. Using UFED, Cellebrite’s mobile device analysis tool, students learn to extract data and collect information relevant to investigations.
Blended delivery: 16 hours over 2 weeks online, followed by 40 hours over 5 days at the DCITA Schoolhouse. Prerequisites: None.
WFE-E Windows Forensic Examinations-EnCase
This course builds on the Computer Incident Responders Course–Forensic Concepts (CIRC-FC) course and presents a comprehensive forensic examination process, including technical procedures, reporting and expert witness testimony. Students use the EnCase forensic tool to conduct thorough examinations of Windows systems against the backdrop of a law enforcement scenario.
In-residence: 40 hours over 5 days. Online: 40 hours over 5 weeks. Prerequisites: CIRC-FC or test-out.
WFE-FTK Windows Forensic Examinations-Forensic Toolkit
This course builds on the Computer Incident Responders Course (CIRC) and teaches a comprehensive forensic examination process, including technical procedures, reporting and expert witness testimony. Using Forensic Toolkit (FTK) software, students learn to conduct fundamental examinations of Windows systems against the backdrop of a law enforcement scenario. Students set up a forensic workstation and conduct an examination.
In-residence: 10 days. Prerequisites: CIRC or test-out.
INCH Introduction to Networks and Computer Hardware
This foundational course teaches basic computer and network theory, and component identification and function.
In-residence: 40 hours over 5 days. Online: 40 hours over 5 weeks. Prerequisites: None.
This boot camp-style course prepares students for the CompTIA Network+ certification exam. The course presents essential network technology concepts, including network hardware, cabling and topologies, and the methods to configure them. Students learn many of the common protocols used in networking and how network technologies make use of them. After gaining a firm understanding of foundational networking information, students learn many security measures available to protect a network. Additionally, students learn basic network troubleshooting techniques.
In-residence: 40 hours over 5 days. Online: 40 hours over 8 weeks. Prerequisites: None (at least nine months of experience in IT networking and CompTIA A+ certification or equivalent knowledge recommended).
LXE Linux Essentials
This course teaches the core techniques, concepts, and fundamentals of Linux system management and administration. Students acquire intermediate Linux skills used in cyber investigation studies and real-world investigative and security tasks. After completing the course, students will have demonstrated competency in defined functions relevant to any standard Linux environment.
Online: 40 hours over 4 weeks. Prerequisites: INCH or test-out (Basic knowledge of Linux recommended). Credit: Eligible for CompTIA continuing education units.
WT Wireless Technology
This course examines wireless technologies from an investigative perspective. Students learn basic wireless communication concepts that help them understand the capabilities, limitations and vulnerabilities of wireless technologies. By working through a variety of hands-on exercises, students experience wireless attacks from the perspectives of attacker and victim.
In-residence: 5 days. Prerequisites: None (Familiarity with Linux commands and networking theory recommended). Credit: Eligible for CompTIA continuing education units.
This course teaches the fundamentals of the C programming language. Students learn basic syntax and the program structure, including functions, variables, statements and expressions. Using C, students write programs using standard language infrastructure.
In-residence: 40 hours over 5 days. Prerequisites: None (basic Linux and scripting experience recommended).
IC Intermediate C
This course teaches intermediate level concepts of the C programming language. Students learn data structures such as arrays and structs, the use of pointers, and intermediate topics in I/O such as file I/O and input validation. Using C, students write programs using standard language infrastructure.
In-residence: 40 hours over 5 days. Prerequisites: Core-C or basic understanding of the C programming language (programming or scripting experience in another language recommended).
PR PowerShell for Responders
The course teaches the fundamentals of the PowerShell scripting language. Students learn basic syntax and the script structure, including functions, variables, statements and expressions. Students use PowerShell to write programs using standard language infrastructure for the purpose of performing live forensics and/or system state modification.
In-residence: 40 hours over 5 days. Prerequisites: None (INCH and WFE-FTK recommended).