US flag   Official website of the Department of Homeland Security

Cyber Incident Response and Analysis

Acronym: 
CIRA
Length: 
11Training Days
Locations Offered: 

Description

CIRA is designed to ensure evidence is located, preserved and analyzed with details on how to analyze evidence collected from cyber incidents.  These incidents may be from simple log files on a home router to enterprise level network witness devices.  The program will also focus on the common methods used by criminals to accesses computer systems through phishing emails and malware, as well as scanning for vulnerabilities and the examination of network traffic will be included.

 

Prerequisites

  1. Applicant must be a law enforcement officer/agent with arrest authority in the prevention, detection, apprehension, detention and/or investigation of felony and/or misdemeanor violations of federal, state, local, tribal, or military criminal laws. 
     
  2. The student is expected to have attended Seized Computer Evidence Recovery Specialist training program along with Digital Evidence Collection in an Enterprise Environment training program and/or have experience performing forensic examinations and an understanding of network topology/traffic along with the ability to capture RAM and use various virtual machines. This program will not cover the basic uses of forensic tools, imaging computer systems, their RAM or the collection of log files.

Required Training Materials

During CIRA students will be issued the following computer hardware and software items which they will take with them upon completion of the course:

  • External Hard Drive
  • Thumb drives
  • Various Books
  • USB hub
  • Network Miner Professional
  • Along with a numerous open source tools

Program Syllabus/Curriculum

  • Legal Update
  • Cyber Incident Response and Analysis (CIRA)
  • Virtual Machines
  • Forensic Analysis of Digital Data in a Windows Environment

 

Program Registration

  • The Federal Law Enforcement Training Centers (FLETC) partner with numerous federal agencies to provide law enforcement training. If you are a member of one of these Participating Organizations, please contact your agency training officer for class availability.  If your agency is not a partner organization of the FLETC and you are interested in attending a course, please contact us at FLETC Admissions. Class availability is limited for non-partner organizations. 
  • The FLETC supports our local law enforcement communities by providing training opportunities, onsite at FLETC campuses and exported to host locations across the United States. State, local and tribal officers can apply for this training at FLETC Application for Student Training (FAST).
  • For more information on all training at FLETC, please contact us at FLETC Admissions.

Program Contact Info

Glynco: (912) 267-2702