US flag   Official website of the Department of Homeland Security

Cyber Incident Response and Analysis

Acronym: 
CIRA
Length: 
11Training Days
Locations Offered: 

Description

CIRA is designed to ensure evidence is located, preserved and analyzed with details on how to analyze evidence collected from cyber incidents.  These incidents may be from simple log files on a home router to enterprise level network witness devices.  The program will also focus on the common methods used by criminals to accesses computer systems through phishing emails and malware, as well as scanning for vulnerabilities and the examination of network traffic will be included.

 

Prerequisites

  1. Applicant must be a law enforcement officer/agent with arrest authority in the prevention, detection, apprehension, detention and/or investigation of felony and/or misdemeanor violations of federal, state, local, tribal, or military criminal laws. 
     
  2. The student is expected to have attended Seized Computer Evidence Recovery Specialist training program along with Digital Evidence Collection in an Enterprise Environment training program and/or have experience performing forensic examinations and an understanding of network topology/traffic along with the ability to capture RAM and use various virtual machines. This program will not cover the basic uses of forensic tools, imaging computer systems, their RAM or the collection of log files.

Required Training Materials

During CIRA students will be issued the following computer hardware and software items which they will take with them upon completion of the course:

  • External Hard Drive
  • Thumb drives
  • Various Books
  • USB hub
  • Network Miner Professional
  • Along with a numerous open source tools

Program Syllabus/Curriculum

  • Legal Update
  • Cyber Incident Response and Analysis (CIRA)
  • Virtual Machines
  • Forensic Analysis of Digital Data in a Windows Environment

 

Program Registration

  • Federal organization personnel should contact their agency training officer to register for training.  If you do not know your agency representative you may contact: FLETCAdmissions@fletc.dhs.gov for assistance.
     
  • State, local and tribal officers requesting training should apply online. If organizational support is required or you have additional needs, please email FLETCAdmissions@fletc.dhs.gov.
     
  • International (non-US) personnel should email FLETC-intlrqst@fletc.dhs.gov or telephone 912-261-4023.

Program Contact Info

Glynco: (912) 267-2702