IFCI Expert Cybercrime Investigator's Course
4.3 (32 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
161 students enrolled
Wishlisted Wishlist

Please confirm that you want to add IFCI Expert Cybercrime Investigator's Course to your Wishlist.

Add to Wishlist

IFCI Expert Cybercrime Investigator's Course

Protect your network - Put cybercriminals in jail. Learn computer forensics, malware analysis and hacker investigations.
4.3 (32 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
161 students enrolled
Created by Brian Hussey
Last updated 1/2015
English
Current price: $43 Original price: $175 Discount: 75% off
5 hours left at this price!
30-Day Money-Back Guarantee
Includes:
  • 16.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Respond to cybercrime incidents, forensic acquisition, volatile memory acquisition, and live system analysis.
  • Conduct full system computer forensic investigation, recover deleted files, carve data structures from unallocated space.
  • Identify, extract, and analyze malware.
  • Analyze data breach incidents to determine if and what data was stolen.
  • Conduct volatile memory analysis using Volatility.
  • Learn the history of cybercrime and how it intertwines with international organized crime, how it is monetized, and how it connects to cyber espionage, cyber terror and nation state sponsored attacks.
  • Learn hacker tactics, techniques, and procedures - and how to defend against them.
  • Learn techniques to pursue cybercriminals across the globe.
  • Testify as an expert witness against computer criminals.
  • Take the exam and become a professional IFCI Certified Cybercrime Investigator (IFCI-CCI)
View Curriculum
Requirements
  • This course is for computer forensics beginners who are already skilled in general usage of Windows computers.
Description

What is the IFCI Cybercrime Investigator's Course?

IFCI’s flagship training program is the IFCI-CCI (Cybercrime Investigator) Training course. The IFCI-CCI teaches students the skills necessary to respond to all kinds of cybercrime incidents, from initial incident response and digital crime scene evidence acquisition to advanced forensic analysis and tracking International cybercriminals across the Internet.

The main goal for this course is to empower the nation’s cyber investigators with the knowledge, skills and abilities to undertake and successfully carry out their own investigations. This course is the first step for investigators to turn the tables on cyber criminals who are fleecing legitimate economies worldwide of billions of dollars every year.

Some Course highlights include:

  • 15 hands-on labs - devised of real world scenarios
  • Analysis of Windows forensic artifacts
  • Volatile memory analysis
  • Network intrusion investigations
  • Internet activity and email analysis
  • Network traffic data analysis
  • International cybercriminal profiling
  • Attack vector identification
  • Dynamic malware analysis

Who Should Take this course?

Anybody whose job requires them to respond to cyber incidents, or anyone with an interest in cybercrime investigation, should take the IFCI-CCI training course. This course will help you by providing fast solutions to the following emergency situations:

Corporate Risk/Security - Intellectual Property Theft Case: Your Research and Development Director quits and goes to work for a competitor.

  • Can you determine if he copied your company’s secrets to a USB drive to take with him?

Police Investigations - Kidnapping Case: A child is taken from his home at night and the family receives an email with a proof-of-life picture and ransom demand.

  • Can you extract IP addresses from the email headers to track the offender back to his location, or extract lat/long coordinates from the picture’s EXIF data to determine the exact location the picture was taken?

IT Security Team - Rogue Malware Case: You discover malware on an internal corporate computer but you don’t know what it does or why it’s there.

  • Can you analyze the malware, determine its capabilities, identify its target data, and destroy its data exfiltration file before your corporate proprietary information is lost?

Federal Cyber Agent - Botnet Investigation Case: You’ve tracked botnet malware back to a specific set of command and control servers, but what’s the next step?

  • Can you determine the server’s physical location in the world and research current and historical whois information? Are you able to research other malicious domains associated with the same IP address and track Command and Control proxy servers back to specific malicious actors?

E-Discovery Analyst - File access case: You’ve recovered and indexed thousands of PDF files on a computer. One was flagged as key to the case and you are asked if the computer owner knew of and accessed this file.

  • Can you examine the Windows registry and link files to determine the exact time and date that specific users accessed individual files?


Why take this course?

Cybercrime is epidemic. The headlines declare it daily:

  • 2015 - SONY is devastated by an attack that destroys its internal systems, steals terabytes of private data, posts unreleased movies on Internet torrent sites, and humiliates corporate executives. The cost to corporate image and revenue stream is uncountable.
  • 2014 - Home Depot is hacked, losing an estimated 55 million credit cards to the cybercrime underground.
  • 2013 - Russian Hackers steal 40 million credit cards from Target, resulting in approx $1 billion in losses to the company.
  • 2012 - The Shamoon virus destroys nearly 30,000 Saudi Aramco Computers, temporarily shutting down one of the world’s largest corporations.
  • 2011 - SONY data breach lost personal details and payment information for approximately 77 million customers, resulting in massive monetary loss and the temporary closure of the PlayStation Gaming Network.

The corporations victimized in these situations were unprepared to respond to the attacks causing delayed investigations and reduced information flow to decision-making executives. Eventually, they contracted out the investigations to high-priced consultants, whose investigative results were often too little, too late.

IFCI-CCI’s mission is to provide our students the knowledge and skills necessary to respond to network attacks immediately, analyze the evidence, produce actionable cyber-intelligence, and implement it to shore up security vulnerabilities before they become massive breaches like those mentioned above.

There is a dearth of quality training in computer forensics, even less for hacker and malware focused investigations, and almost nothing that is available in a convenient online format that can be studied from the comfort of your own home, and fit to your own schedule. IFCI fills this void by providing the finest cybercrime investigation training in the world, created and delivered by some of the world’s foremost experts in their field, and streamed directly to any Internet-connected device you choose to employ.

Who is the target audience?
  • Technical personnel tasked with, or interested in network security, computer forensics, or malware analysis.
  • Law enforcement officers, federal agents, and intelligence analysts tasked with cyber operations will all benefit from this course.
  • This is a beginner's course, it is also very useful for hobbyists, reporters, and any interested parties.
  • While this is a beginner's course, the material gets more and more complex as the class continues. It is in-depth, detailed, and hands-on and requires maximum effort for maximum benefit - therefore it is not recommended for casual observers not interested in putting forth the effort required to learn the material.
Compare to Other Network & Security Courses
Curriculum For This Course
107 Lectures
16:21:43
+
Computer Forensics Core Concepts
6 Lectures 01:08:50

This section introduces students to the world of computer forensics. It examines what life is really like for a computer forensic analyst on a daily basis, examining both the fascinating and exciting aspects of the job, along with the challenges and difficulties we face. The goal is to honestly help students decide whether this is truly a career they wish to pursue.

Preview 17:14

This lecture explores the different types of careers available for computer forensic specialists and provides general strategies for determining what type of specialty students may be interested in pursuing.

Subfields of Computer Forensics
13:13

People's lives and freedom are often determined based on the quality of our analysis. It is vital to understand this and the importance of this and how to present our findings fairly and properly in a court of law. That is the focus of this lecture.

Roles and Responsibilities of the Cybercrime Investigator
13:30

This lecture examines different types of tools available to the computer forensic examiner, how to verify their accuracy, and the debate surrounding the "approved tool list" vs. the " any tool to get the job done" approach to forensic lab policies.

Computer Forensic Tools and Testing
10:00

Digital evidence comes in many different forms and can be difficult to identify when deploying to cybercrime scenes. This lecture trains students to identify the various different types of evidence that can be analyzed.

Sources of Digital Evidence
08:22

The IFCI Cybercrime Investigator course provides 15 hands-on, real world labs where students will investigate a case using forensic tools and forensic evidence, all provided by the instructor free of charge. Students will need to do some basic steps to set their Windows computer up for the labs. This lecture walks you through all you will need to do in order to tackle all 15 labs.

Home Computer Setup for IFCI Labs
06:31
+
Forensic Acquisitions: Theory & Practice
7 Lectures 01:37:50

The evidence acquisition stage of forensics is vital to future analysis. Mistakes here can create faulty evidence and cause all findings to be inadmissible in court. This lecture explains chain of custody and proper acquisition processes in detail.

Incident Response Triage and Forensic Acquisitons
15:26

The hash serves as a digital fingerprint for all data types but they can also serve many other uses for forensic examiners. This lecture explores the many different kinds of hashes and how to use them in forensics.

Hashes - Digital Fingerprints
11:53

In this hands-on lab students will use instructor provided tools and evidence to analyze files using specific hash algorithims.

Lab1 - Hashing
20:21

This lecture dives deeper into the technical aspects and procedures required for proper forensic image acquisition.

Incident Responder's Forensic Acquisition Process
16:54

Over the years, the traditional theory of acquisition was to 'make no changes' to the evidence, however, this theory has given way to a more modern theory to 'make minimal changes to the evidence' because this was necessary to overcome modern challenges presented by encryption and other data hiding techniques. This lecture explores the differences between these two approaches and when each should be used.

Different Approaches to Forensic Acquisition
09:51

Volatile memory (RAM), is a vital part of modern forensic analysis. This lecture teaches how to conduct RAM acquisitions in a forensic manner.

Volatile Memory Acquisition
12:01

In the second hands-on lab students will use instructor provided materials to conduct their own incident response and forensic acqusition.

Lab2 - Forensic Acquisition Lab
11:24
+
File Systems, Data Structures, and File Deletion Recovery
8 Lectures 01:26:49

This lecture teaches about the differences between file systems and operating systems in modern computing.

Introduction to File Systems and Operating Systems
07:42

How do bits and bytes turn into the information a user actually sees on a computer? How does data exist on a computer and how is it used by the system? These are questions that are vital to understand before we can begin to extract forensic evidence of user activity from the computer. This lecture teaches the basic bits and bytes that make up computer forensics.

Data Structures
36:24

Evidential data can be hidden in many places on a computer system. Slack space may retain key information from deleted files that would otherwise be unrecoverable. This lecture both teaches how to identify and extract evidence from slack space, as well as how to recover user-deleted files.

Slack Space and Deleted Files
10:02

Different computer file systems have different specifications and may require unique approaches to evidence recovery. This lecture explores the unique requirements presented by specific file systems.

File System Limitations
04:26

FAT (File Allocation Table) file systems are used frequently in older computers and USB drives. This lecture explores FAT file system specifics.

FAT File Systems
03:34

NTFS (New Technology File Systems) is the ubiquitous file system used in modern Windows computers. This lecture explores NTFS specifics and how they impact forensic investigations.

NTFS File Systems
04:06

Important forensic evidence may exist in areas of a computer's hard drive that are completely inaccessible to the Operating System. Partial or complete files can still be recovered even though there is no way to recover this data using standard tools. This can be done via a process called file caving; this is the focus of this lecture.

File Carving and File Fragmentation
05:41

Lab 3 Deleted File Recovery
14:54
+
Email & Internet History Analysis
10 Lectures 01:29:57

Email is the most common communication method in modern business and personal correspondence. It is also a primary location to find evidence of criminal activity. This lecture explores forensic analysis of email.

Email Analysis
11:47

Recovery of email that is primarily stored on the computer's hard drive is much less challenging than web-based email, such as Gmail or Yahoo mail. This lecture discusses the various aspects of both types of email analysis.

Host and Web Based Email Extraction
07:09

Email contains a vast amount of additional information, if you know where to look. This lecture teaches how to determine the source of email attacks by header analysis, as well as teaching how Base64 is used in modern email transmission and its importance to forensic investigations.

Email Header Analyisis and Base64 Encoding
07:02

The 4th lab asks students extract suspect email from a real forensic image and to use instructor provided tools to begin their investigation. They are also asked to determine how malware was used to attack the victim computer via an email vector.

LAB 4 - Email Analysis
20:22

Did you know that forensic analysis enables an investigator to recover all Internet searches, maps, and pages that a suspect ever visited? This lecture introduces the topic of Internet activity analysis.

Internet Activity Analysis Introduction
03:19

Google Chrome is now the most popular Internet browser on the market and Firefox has been a popular browser for years. This lecture teaches how to recover forensic artifacts that will show all suspect Internet activity conducted with these two browsers.

Chrome and Firefox Analysis
06:00

Internet Explorer has long been a leading Internet browser. Analysis of IE's forensic artifacts has changed little until version 10, which shipped with Windows 8. This lecture will show IE forensic artifacts that can be recovered from both versions.

Internet Explorer Analysis
05:52

Oftentimes a forensic investigator can not only say a suspect visited a certain website at a certain day and time, but the can actually reproduce the exact webpages that the suspect accessed. This can be done via analysis of the Internet Cache and this is taught in this lecture.

Cookies, Cache, and IE Artifacts
06:16

Bad guys will often hope to hide evidence of their evil websites by obfuscating their URLs. This lecture teaches students to identify these tricks and to de-obfuscate the data.

URL Obfuscation
07:09

The 5th lab asks students to analyze the suspect's Internet activity, determine where they went and what they did on the Internet, and to determine if malware was deployed via the Internet.

LAB 5 - Internet Activity Analysis
15:01
+
Windows System Forensic Artifacts - Part 1
11 Lectures 01:28:17

Creating a timeline of suspect behavior is an important part of all forensic reports. This lecture discusses techniques and strategies to employ when creating your timeline.

Timeline Analysis
12:59

Cybercrime is an international problem and often spans across many different time zones. This can create challenges for timeline analysis. This lecture discusses these challenges and introduces strategies to overcome them.

Time Zone Issues
05:16

Time Stamps
08:12

Non-Standard Timestamps and Timeline Antiforensics
07:14

MAC Time Triangulation
05:26

User Attribution and Analysis
07:40

Recycle Bin Analysis
08:10

Lab 6 - Recycle Bin Analysis
13:44

Link File Analysis
05:51

Other Locations of Interest
02:54

Lab 7 - Link File Analysis
10:51
+
Windows System Forensic Artifacts Part 2 and File Signature Analysis
9 Lectures 01:26:46
Thumbs.db and Thumbcache Analysis
05:38

Prefetch File Analysis
07:01

Lab 8 - Prefetch File Analysis
16:07

Persistent RAM Files and System Restore Functions
08:28

File Signature Analysis
07:03

Lab 9 - File Signature Analysis
10:10

Metadata Analysis
08:13

Exif Data Analysis
10:13

Lab 10 - Exif Data Analysis
13:53
+
Module 7 - Windows System Logs & Registry Analysis
11 Lectures 01:13:43
Windows Log Analysis
04:58

System and Application Event Log Analysis
05:27

Security Event Log Analysis
05:47

Dr Watson Logs
03:19

Lab 11 - Event Log Analysis
10:11

Introduction to the Windows Registry
05:29

Registry Analysis -USB Devices
03:52

Registry Analysis - NTUser.dat - Part 1
07:58

Registry Analysis - NTUser.dat - Part 2
08:25

Registry Analysis - Autostarts
06:03

Lab 12 - Registry Analysis
12:14
+
Introduction to Malware and Network Intrusions
9 Lectures 01:21:22
The Hacking Process
12:12

Hacker Motivations
15:00

Hacker Strategies
11:04

Botnet Investigations
07:01

Drive-by Downloads
05:07

Malware Propagation
06:36

Polymorphism and Packers
08:03

Social Engineering
10:14

Rootkits
06:05
+
Network Data Analysis
5 Lectures 24:41
Network Data Evidence and IP Addressing
06:50

TCP and UDP Communication Protocols
04:52

Network Communication and Ports
04:58

HTTP Analysis and DNS Poisioning
05:06

Network Scanners and Sniffers
02:55
+
Cybercrime, Cyber Terror, & Cyber Espionage Investigations
12 Lectures 01:53:12
The Blurred Lines Between Cybercrime, Cyberwar, and Cyberespionage
08:03

The Intersection of Cybercrime and Cyberwar
08:02

Russian Organized Cybercrime
15:45

Supply Chain Interdiction
04:45

Criminal Domain Investigations
06:54

Domain and IP Address Investigation Tools
08:30

Lab 13 - Criminal Domain Investigations
21:00

Stuxnet
10:14

Point of Sale Server Attacks
10:31

Point of Sale Server- Malware
08:28

Point of Sale Server- Exfiltration
03:46

Point of Sale Server- Advanced Investigative Techniques
07:14
3 More Sections
About the Instructor
Brian Hussey
4.3 Average rating
45 Reviews
183 Students
2 Courses
Expert Cybercrime Investigator

Brian Hussey, EnCE, GREM, CCE, PMP, Q/EH,

Brian Hussey leads an elite team of Cybercrime Investigators working within US Federal Law Enforcement, His team has been responsible for investigating many of the most dangerous cyber attacks ever to threaten the United States and the fortune 500 companies that form its economic backbone. His team has pursued cyber criminals throughout the world and brought them to justice. Mr. Hussey's digital forensic analysis and testimony has resulted in Russian Point of Sale hackers, child predators, and malware authors from across the globe going to jail. He is a recognized expert in the fields of computer forensics, malware analysis, memory analysis, and cyber threat intelligence. Mr. Hussey has also designed network intrusion forensics and malware analysis training for US Federal law enforcement and our International partners. He has represented the United States by teaching these topics to the national police in countries such as: Ukraine, Japan, Latvia, Estonia, Moldova, Germany, Nigeria, India, and many others.

In 2011, Mr. Hussey decided the advanced cybercrime investigation techniques used by his team should be available outside of select Government circles and he began teaching at George Mason University in the Master of Computer Forensics program. In 2014, he founded IFCI to provide this same training to cybercrime fighters throughout the world. Mr. Hussey firmly believes that International cybercrime investigators working together, and armed with the proper training, can turn the tables on the relentless scourge of cyber crime.