CIRA is designed to ensure evidence is located, preserved and analyzed with details on how to analyze evidence collected from cyber incidents. These incidents may be from simple log files on a home router to enterprise level network witness devices. The program will also focus on the common methods used by criminals to accesses computer systems through phishing emails and malware, as well as scanning for vulnerabilities and the examination of network traffic will be included.
- Applicant must be a law enforcement officer/agent with arrest authority in the prevention, detection, apprehension, detention and/or investigation of felony and/or misdemeanor violations of federal, state, local, tribal, or military criminal laws.
- The student is expected to have attended Seized Computer Evidence Recovery Specialist training program along with Digital Evidence Collection in an Enterprise Environment training program and/or have experience performing forensic examinations and an understanding of network topology/traffic along with the ability to capture RAM and use various virtual machines. This program will not cover the basic uses of forensic tools, imaging computer systems, their RAM or the collection of log files.
Required Training Materials
During CIRA students will be issued the following computer hardware and software items which they will take with them upon completion of the course:
- External Hard Drive
- Thumb drives
- Various Books
- USB hub
- Network Miner Professional
- Along with a numerous open source tools
- Legal Update
- Cyber Incident Response and Analysis (CIRA)
- Virtual Machines
- Forensic Analysis of Digital Data in a Windows Environment
Program Contact Info
Glynco: (912) 267-2702