We may earn an affiliate commission when you visit our partners.
Course image
Brian Hussey

What is the IFCI Cybercrime Investigator's Course?

IFCI’s flagship training program is the IFCI-CCI (Cybercrime Investigator) Training course. The IFCI-CCI teaches students the skills necessary to respond to all kinds of cybercrime incidents, from initial incident response and digital crime scene evidence acquisition to advanced forensic analysis and tracking International cybercriminals across the Internet.

Read more

What is the IFCI Cybercrime Investigator's Course?

IFCI’s flagship training program is the IFCI-CCI (Cybercrime Investigator) Training course. The IFCI-CCI teaches students the skills necessary to respond to all kinds of cybercrime incidents, from initial incident response and digital crime scene evidence acquisition to advanced forensic analysis and tracking International cybercriminals across the Internet.

The main goal for this course is to empower the nation’s cyber investigators with the knowledge, skills and abilities to undertake and successfully carry out their own investigations. This course is the first step for investigators to turn the tables on cyber criminals who are fleecing legitimate economies worldwide of billions of dollars every year.

Some Course highlights include:

  • 15 hands-on labs - devised of real world scenarios
  • Analysis of Windows forensic artifacts
  • Volatile memory analysis
  • Network intrusion investigations
  • Internet activity and email analysis
  • Network traffic data analysis
  • International cybercriminal profiling
  • Attack vector identification
  • Dynamic malware analysis

Who Should Take this course?

Anybody whose job requires them to respond to cyber incidents, or anyone with an interest in cybercrime investigation, should take the IFCI-CCI training course. This course will help you by providing fast solutions to the following emergency situations:

Corporate Risk/Security - Intellectual Property Theft Case: Your Research and Development Director quits and goes to work for a competitor.

  • Can you determine if he copied your company’s secrets to a USB drive to take with him?

Police Investigations - Kidnapping Case: A child is taken from his home at night and the family receives an email with a proof-of-life picture and ransom demand.

  • Can you extract IP addresses from the email headers to track the offender back to his location, or extract lat/long coordinates from the picture’s EXIF data to determine the exact location the picture was taken?

IT Security Team - Rogue Malware Case: You discover malware on an internal corporate computer but you don’t know what it does or why it’s there.

  • Can you analyze the malware, determine its capabilities, identify its target data, and destroy its data exfiltration file before your corporate proprietary information is lost?

Federal Cyber Agent - Botnet Investigation Case: You’ve tracked botnet malware back to a specific set of command and control servers, but what’s the next step?

  • Can you determine the server’s physical location in the world and research current and historical whois information? Are you able to research other malicious domains associated with the same IP address and track Command and Control proxy servers back to specific malicious actors?

E-Discovery Analyst - File access case: You’ve recovered and indexed thousands of PDF files on a computer. One was flagged as key to the case and you are asked if the computer owner knew of and accessed this file.

  • Can you examine the Windows registry and link files to determine the exact time and date that specific users accessed individual files?

Why take this course?

Cybercrime is epidemic. The headlines declare it daily:

  • 2015 - SONY is devastated by an attack that destroys its internal systems, steals terabytes of private data, posts unreleased movies on Internet torrent sites, and humiliates corporate executives. The cost to corporate image and revenue stream is uncountable.
  • 2014 - Home Depot is hacked, losing an estimated 55 million credit cards to the cybercrime underground.
  • 2013 - Russian Hackers steal 40 million credit cards from Target, resulting in approx $1 billion in losses to the company.
  • 2012 - The Shamoon virus destroys nearly 30,000 Saudi Aramco Computers, temporarily shutting down one of the world’s largest corporations.
  • 2011 - SONY data breach lost personal details and payment information for approximately 77 million customers, resulting in massive monetary loss and the temporary closure of the PlayStation Gaming Network.

The corporations victimized in these situations were unprepared to respond to the attacks causing delayed investigations and reduced information flow to decision-making executives. Eventually, they contracted out the investigations to high-priced consultants, whose investigative results were often too little, too late.

IFCI-CCI’s mission is to provide our students the knowledge and skills necessary to respond to network attacks immediately, analyze the evidence, produce actionable cyber-intelligence, and implement it to shore up security vulnerabilities before they become massive breaches like those mentioned above.

There is a dearth of quality training in computer forensics, even less for hacker and malware focused investigations, and almost nothing that is available in a convenient online format that can be studied from the comfort of your own home, and fit to your own schedule. IFCI fills this void by providing the finest cybercrime investigation training in the world, created and delivered by some of the world’s foremost experts in their field, and streamed directly to any Internet-connected device you choose to employ.

Enroll now

Here's a deal for you

We found an offer that may be relevant to this course.
Save money when you learn. All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.

What's inside

Learning objectives

  • Respond to cybercrime incidents, forensic acquisition, volatile memory acquisition, and live system analysis.
  • Conduct full system computer forensic investigation, recover deleted files, carve data structures from unallocated space.
  • Identify, extract, and analyze malware.
  • Analyze data breach incidents to determine if and what data was stolen.
  • Conduct volatile memory analysis using volatility.
  • Learn the history of cybercrime, how it intertwines with organized crime, is monetized, cyber espionage, cyber terror and nation state sponsored attacks.
  • Learn hacker tactics, techniques, and procedures - and how to defend against them.
  • Learn techniques to pursue cybercriminals across the globe.
  • Testify as an expert witness against computer criminals.
  • Take the exam and become a professional ifci certified cybercrime investigator (ifci-cci)

Syllabus

Computer Forensics Core Concepts

This section introduces students to the world of computer forensics. It examines what life is really like for a computer forensic analyst on a daily basis, examining both the fascinating and exciting aspects of the job, along with the challenges and difficulties we face. The goal is to honestly help students decide whether this is truly a career they wish to pursue.

Read more

This lecture explores the different types of careers available for computer forensic specialists and provides general strategies for determining what type of specialty students may be interested in pursuing.

People's lives and freedom are often determined based on the quality of our analysis. It is vital to understand this and the importance of this and how to present our findings fairly and properly in a court of law. That is the focus of this lecture.

This lecture examines different types of tools available to the computer forensic examiner, how to verify their accuracy, and the debate surrounding the "approved tool list" vs. the " any tool to get the job done" approach to forensic lab policies.

Digital evidence comes in many different forms and can be difficult to identify when deploying to cybercrime scenes. This lecture trains students to identify the various different types of evidence that can be analyzed.

The IFCI Cybercrime Investigator course provides 15 hands-on, real world labs where students will investigate a case using forensic tools and forensic evidence, all provided by the instructor free of charge. Students will need to do some basic steps to set their Windows computer up for the labs. This lecture walks you through all you will need to do in order to tackle all 15 labs.

Forensic Acquisitions: Theory & Practice

The evidence acquisition stage of forensics is vital to future analysis. Mistakes here can create faulty evidence and cause all findings to be inadmissible in court. This lecture explains chain of custody and proper acquisition processes in detail.

The hash serves as a digital fingerprint for all data types but they can also serve many other uses for forensic examiners. This lecture explores the many different kinds of hashes and how to use them in forensics.

In this hands-on lab students will use instructor provided tools and evidence to analyze files using specific hash algorithims.

This lecture dives deeper into the technical aspects and procedures required for proper forensic image acquisition.

Over the years, the traditional theory of acquisition was to 'make no changes' to the evidence, however, this theory has given way to a more modern theory to 'make minimal changes to the evidence' because this was necessary to overcome modern challenges presented by encryption and other data hiding techniques. This lecture explores the differences between these two approaches and when each should be used.

Volatile memory (RAM), is a vital part of modern forensic analysis. This lecture teaches how to conduct RAM acquisitions in a forensic manner.

In the second hands-on lab students will use instructor provided materials to conduct their own incident response and forensic acqusition.

File Systems, Data Structures, and File Deletion Recovery

This lecture teaches about the differences between file systems and operating systems in modern computing.

How do bits and bytes turn into the information a user actually sees on a computer? How does data exist on a computer and how is it used by the system? These are questions that are vital to understand before we can begin to extract forensic evidence of user activity from the computer. This lecture teaches the basic bits and bytes that make up computer forensics.

Evidential data can be hidden in many places on a computer system. Slack space may retain key information from deleted files that would otherwise be unrecoverable. This lecture both teaches how to identify and extract evidence from slack space, as well as how to recover user-deleted files.

Different computer file systems have different specifications and may require unique approaches to evidence recovery. This lecture explores the unique requirements presented by specific file systems.

FAT (File Allocation Table) file systems are used frequently in older computers and USB drives. This lecture explores FAT file system specifics.

NTFS (New Technology File Systems) is the ubiquitous file system used in modern Windows computers. This lecture explores NTFS specifics and how they impact forensic investigations.

Important forensic evidence may exist in areas of a computer's hard drive that are completely inaccessible to the Operating System. Partial or complete files can still be recovered even though there is no way to recover this data using standard tools. This can be done via a process called file caving; this is the focus of this lecture.

Lab 3 Deleted File Recovery
Email & Internet History Analysis

Email is the most common communication method in modern business and personal correspondence. It is also a primary location to find evidence of criminal activity. This lecture explores forensic analysis of email.

Recovery of email that is primarily stored on the computer's hard drive is much less challenging than web-based email, such as Gmail or Yahoo mail. This lecture discusses the various aspects of both types of email analysis.

Email contains a vast amount of additional information, if you know where to look. This lecture teaches how to determine the source of email attacks by header analysis, as well as teaching how Base64 is used in modern email transmission and its importance to forensic investigations.

The 4th lab asks students extract suspect email from a real forensic image and to use instructor provided tools to begin their investigation. They are also asked to determine how malware was used to attack the victim computer via an email vector.

Did you know that forensic analysis enables an investigator to recover all Internet searches, maps, and pages that a suspect ever visited? This lecture introduces the topic of Internet activity analysis.

Google Chrome is now the most popular Internet browser on the market and Firefox has been a popular browser for years. This lecture teaches how to recover forensic artifacts that will show all suspect Internet activity conducted with these two browsers.

Internet Explorer has long been a leading Internet browser. Analysis of IE's forensic artifacts has changed little until version 10, which shipped with Windows 8. This lecture will show IE forensic artifacts that can be recovered from both versions.

Oftentimes a forensic investigator can not only say a suspect visited a certain website at a certain day and time, but the can actually reproduce the exact webpages that the suspect accessed. This can be done via analysis of the Internet Cache and this is taught in this lecture.

Bad guys will often hope to hide evidence of their evil websites by obfuscating their URLs. This lecture teaches students to identify these tricks and to de-obfuscate the data.

The 5th lab asks students to analyze the suspect's Internet activity, determine where they went and what they did on the Internet, and to determine if malware was deployed via the Internet.

Windows System Forensic Artifacts - Part 1

Creating a timeline of suspect behavior is an important part of all forensic reports. This lecture discusses techniques and strategies to employ when creating your timeline.

Cybercrime is an international problem and often spans across many different time zones. This can create challenges for timeline analysis. This lecture discusses these challenges and introduces strategies to overcome them.

Time Stamps
Non-Standard Timestamps and Timeline Antiforensics
MAC Time Triangulation
User Attribution and Analysis
Recycle Bin Analysis
Lab 6 - Recycle Bin Analysis
Link File Analysis
Other Locations of Interest
Lab 7 - Link File Analysis
Windows System Forensic Artifacts Part 2 and File Signature Analysis
Thumbs.db and Thumbcache Analysis
Prefetch File Analysis
Lab 8 - Prefetch File Analysis
Persistent RAM Files and System Restore Functions
File Signature Analysis
Lab 9 - File Signature Analysis
Metadata Analysis
Exif Data Analysis
Lab 10 - Exif Data Analysis
Module 7 - Windows System Logs & Registry Analysis
Windows Log Analysis
System and Application Event Log Analysis
Security Event Log Analysis
Dr Watson Logs
Lab 11 - Event Log Analysis
Introduction to the Windows Registry
Registry Analysis -USB Devices
Registry Analysis - NTUser.dat - Part 1
Registry Analysis - NTUser.dat - Part 2
Registry Analysis - Autostarts
Lab 12 - Registry Analysis
Introduction to Malware and Network Intrusions
The Hacking Process
Hacker Motivations
Hacker Strategies
Botnet Investigations
Drive-by Downloads
Malware Propagation
Polymorphism and Packers
Social Engineering
Rootkits
Network Data Analysis
Network Data Evidence and IP Addressing
TCP and UDP Communication Protocols
Network Communication and Ports
HTTP Analysis and DNS Poisioning
Network Scanners and Sniffers
Cybercrime, Cyber Terror, & Cyber Espionage Investigations
The Blurred Lines Between Cybercrime, Cyberwar, and Cyberespionage
The Intersection of Cybercrime and Cyberwar
Russian Organized Cybercrime
Supply Chain Interdiction
Criminal Domain Investigations
Domain and IP Address Investigation Tools
Lab 13 - Criminal Domain Investigations
Stuxnet
Point of Sale Server Attacks
Point of Sale Server- Malware
Point of Sale Server- Exfiltration
Point of Sale Server- Advanced Investigative Techniques
Volatile Memory Analysis
Volatile Memory Analysis Introduction

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Covers key concepts of computer forensics, including data acquisition, identification, and analysis techniques, which are essential skills for cybercrime investigations
Led by Brian Hussey, a renowned expert in cybercrime investigation and digital forensics, providing learners with access to industry-leading knowledge and expertise
Provides several hands-on labs featuring real-world scenarios, enabling learners to apply theoretical knowledge in practical situations and develop proficiency in cybercrime investigation techniques
Covers topics such as malware analysis, network intrusion investigations, and international cybercriminal profiling, which are crucial aspects of modern cybercrime investigations
Emphasizes the importance of understanding the tactics, techniques, and procedures used by cybercriminals, enabling learners to stay ahead of potential threats and vulnerabilities

Save this course

Save IFCI Expert Cybercrime Investigator's Course to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in IFCI Expert Cybercrime Investigator's Course with these activities:
Review fundamental compiler concepts
Review basic compiler concepts such as lexing, parsing and code generation in order to strengthen understanding of the concepts
Show steps
  • Read textbook notes on lexing and parsing
  • Practice solving problems on lexing and parsing
Review data structures and algorithms
Review basic data structures (such as stacks, queues, linked lists, trees, and graphs) and algorithms (such as sorting and searching algorithms) to strengthen understanding of the concepts
Browse courses on Data Structures
Show steps
  • Read textbook notes on data structures and algorithms
  • Practice solving problems on data structures and algorithms
Create a collection of resources on compiler design
Gather and organize resources on compiler design to create a valuable reference for future learning and reference
Browse courses on Compiler Design
Show steps
  • Search for resources on compiler design (e.g., articles, tutorials, videos)
  • Organize the resources into a collection (e.g., using a website, blog, or document)
Six other activities
Expand to see all activities and additional details
Show all nine activities
Solve coding challenges
Practice solving coding challenges on platforms such as LeetCode or HackerRank to improve problem-solving skills and reinforce understanding of algorithms and data structures
Browse courses on Coding
Show steps
  • Choose a coding challenge platform (e.g., LeetCode, HackerRank)
  • Select a difficulty level (e.g., Easy, Medium, Hard)
  • Solve coding challenges and review solutions
Watch video tutorials on compiler design
Watch video tutorials on compiler design to gain a deeper understanding of the concepts and techniques involved in compiler construction
Browse courses on Compiler Design
Show steps
  • Search for video tutorials on compiler design on platforms such as YouTube or Coursera
  • Watch the tutorials and take notes
Create a presentation on a compiler design topic
Create a presentation on a specific topic in compiler design to reinforce understanding of the topic and improve communication skills
Browse courses on Compiler Design
Show steps
  • Choose a topic in compiler design
  • Research the topic and gather information
  • Create a presentation using slides or other visual aids
  • Practice presenting the topic
Build a simple compiler
Build a simple compiler from scratch to gain practical experience in applying compiler design concepts and techniques
Browse courses on Compiler Design
Show steps
  • Design the compiler architecture
  • Implement the lexical analyzer
  • Implement the parser
  • Implement the code generator
  • Test and debug the compiler
Attend a workshop on compiler design
Attend a workshop on compiler design to learn from experts in the field and engage in hands-on activities
Browse courses on Compiler Design
Show steps
  • Search for workshops on compiler design
  • Register for a workshop
  • Attend the workshop and participate in activities
Contribute to open-source compiler projects
Contribute to open-source compiler projects to gain practical experience and collaborate with others in the field
Browse courses on Compiler Design
Show steps
  • Find open-source compiler projects on platforms such as GitHub
  • Identify areas where you can contribute
  • Submit pull requests with your contributions

Career center

Learners who complete IFCI Expert Cybercrime Investigator's Course will develop knowledge and skills that may be useful to these careers:
Computer Forensics Investigator
Computer forensics investigators respond to cybercrime incidents, collect evidence from computers and other devices, and analyze digital evidence to help solve crimes. This course provides computer forensics investigators with the skills and knowledge necessary to investigate cybercrimes, such as data breaches, malware attacks, and identity theft. The course covers topics such as computer forensics core concepts, forensic acquisitions, file systems and data structures, file deletion recovery, email and internet history analysis, Windows system forensic artifacts, volatile memory analysis, and malware analysis.
Cybersecurity Analyst
Cybersecurity analysts protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course provides cybersecurity analysts with the skills and knowledge necessary to protect computer systems and networks from cyberattacks, such as malware attacks, phishing attacks, and denial of service attacks. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Digital Forensics Analyst
Digital forensics analysts collect, examine, and analyze digital evidence to help solve crimes and prevent future cyberattacks. This course provides digital forensics analysts with the skills and knowledge necessary to collect, examine, and analyze digital evidence from a variety of sources, such as computers, mobile devices, and cloud storage. The course covers topics such as computer forensics core concepts, forensic acquisitions, file systems and data structures, file deletion recovery, and malware analysis.
IT Security Auditor
IT security auditors assess the security of computer systems and networks to identify vulnerabilities and recommend improvements. This course provides IT security auditors with the skills and knowledge necessary to assess the security of computer systems and networks, identify vulnerabilities, and recommend improvements. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Information Security Analyst
Information security analysts protect information from unauthorized access, use, disclosure, disruption, modification, or destruction. This course provides information security analysts with the skills and knowledge necessary to protect information from cyberattacks, such as malware attacks, phishing attacks, and denial of service attacks. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Malware Analyst
Malware analysts identify, analyze, and mitigate malware threats. This course provides malware analysts with the skills and knowledge necessary to identify, analyze, and mitigate malware threats. The course covers topics such as computer forensics core concepts, malware analysis, and reverse engineering.
Network Security Engineer
Network security engineers design, implement, and maintain network security systems to protect networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course provides network security engineers with the skills and knowledge necessary to design, implement, and maintain network security systems. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Penetration Tester
Penetration testers assess the security of computer systems and networks by simulating cyberattacks. This course provides penetration testers with the skills and knowledge necessary to assess the security of computer systems and networks by simulating cyberattacks. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Security Consultant
Security consultants provide advice and guidance to organizations on how to protect their computer systems and networks from cyberattacks. This course provides security consultants with the skills and knowledge necessary to provide advice and guidance to organizations on how to protect their computer systems and networks from cyberattacks. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Systems Administrator
Systems administrators manage and maintain computer systems and networks. This course provides systems administrators with the skills and knowledge necessary to manage and maintain computer systems and networks. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Technical Support Specialist
Technical support specialists provide technical support to users of computer systems and networks. This course provides technical support specialists with the skills and knowledge necessary to provide technical support to users of computer systems and networks. The course covers topics such as computer forensics core concepts, network security, intrusion detection, and malware analysis.
Web Developer
Web developers design and develop websites. This course may be useful for web developers who want to learn more about computer forensics and cybersecurity.
Software Engineer
Software engineers design, develop, and maintain software applications. This course may be useful for software engineers who want to learn more about computer forensics and cybersecurity.
Database Administrator
Database administrators manage and maintain databases. This course may be useful for database administrators who want to learn more about computer forensics and cybersecurity.
Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is responsible for the overall security of an organization's information systems. This course may be useful for CISOs who want to learn more about computer forensics and cybersecurity.

Reading list

We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in IFCI Expert Cybercrime Investigator's Course.
Provides a practical guide to memory forensics, covering topics such as how to collect and analyze memory dumps, how to detect malware and threats in memory, and how to use memory forensics tools.
Provides a practical guide to malware analysis, covering topics such as how to identify and classify malware, how to analyze malware using static and dynamic analysis techniques, and how to use malware analysis tools.
Provides a comprehensive overview of social engineering, a type of cyberattack that relies on human interaction to gain access to sensitive information or systems.
Comprehensive textbook on computer security that covers the essential principles and practices of the field. It good resource for students who are new to computer security or who want to learn more about the field.
Comprehensive textbook on cryptography that covers the essential principles and practices of the field. It good resource for students who are new to cryptography or who want to learn more about the field.
Provides a comprehensive guide to threat modeling that covers the essential principles and practices of the field. It good resource for anyone who wants to learn more about threat modeling.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to IFCI Expert Cybercrime Investigator's Course.
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser