Cyber Threat Forensic Investigator

The Cyber-Threat Forensic Investigator (CTFI): provides students the essential domain knowledge required to serve in decision-making roles throughout the cyber-security industry. Students will learn how to analyze cyber-security risks, develop appropriate protection & response options, and assess operational requirements for government, military, critical infrastructure, retail and commercial missions. Upon completing the board certification, students will possess advanced knowledge of the strategy, policy, investigation, intelligence, prosecution and analytic aspects of cyber-security, enabling them to fill critical roles in operational cyber-security investigative missions supporting both retail and governmental entities.

“To Catch A Thief It Takes A Thief, To Catch A Hacker It Takes A Hacker.”

National Cyber Security Corporation has found that cyber-security work involves more than traditional IT skills. Cyber security work also includes the identification, investigation, prosecution, root cause analysis, trends and intelligence / counterintelligence methodologies to understand how perpetrators think, act and carry out their attacks. By becoming a CTFI you will possess a wide array of technical IT skills as well as advanced investigative, intelligence, counterintelligence, prosecution and analytical capabilities.

Students will be able to:

  • Discuss in depth the origins, nature, and current issues in cyber-security and its related activities using precise terminology
  • Apply a range of cyber intelligence and investigative concepts to mitigate risks in cyber-security operations and prosecute instances of attacks
  • Develop and apply decision frameworks using the guidelines of cyber-security, investigations ethics, law, and strategy
  • Design strategies for development of an effective cyber-security, intelligence, and investigation workforce
  • Analyze technical and operational requirements for future cyber-security & investigation systems
  • Compare and contrast international cyber-security and investigation policies, strategies, and capabilities
  • Identify the missions, authorities, and responsibilities of key cyber-security organizations within the international community
  • Apply the theory of cyber deterrence in developing future cyber-security strategies and policies
  • Analyze and apply lessons from prominent international cyber-security case studies, investigations and prosecutions

Course Curriculum

Welcome to the CTFI Board Certification Program

  • Introduction to the CTFI
  • Group Forum Discussion: Introduce Yourself
  • Code of Ethics (Reading Assignment)
  • Course Resources

Introduction to Cyber Security

  • Intro to Cyber Investigations
  • How Cyber Criminals Attack
  • Conducting Cyber Investigations
  • Cyber Investigations 101
  • How to Investigate Email Headers

Introduction to Cyber Warfare

  • Introduction to Cyber Warfare
  • Cyber Warfare (Reading Assignment)
  • Cyber Warfare Quiz

Global Cyber Capabilities and Trends

  • Global Cyber Capabilities and Trends
  • Discussion Assignment: Global Cyber Capabilities and Trends

Global Cyber Threats, Attacks, Vehicles, and Mechanisms (Hacking 101)

  • Cyber Threats – Attacks – Vehicles FREE
  • Reading assignment
  • Global Threats – Prep Review Quiz

Cyber Threat Modeling

  • Threat Modeling Overview
  • Definitions and Motivations
  • Organizational Pre-requisites
  • Scoping the Effort and Kicking Off the Process
  • Identifying External Dependencies and Specifying Use Cases
  • Threat Generation, Threat Analysis and Threat Response
  • Reporting
  • Microsoft’s Threat Modeling: Reading Assignment
  • Additional Resources: External Links
  • Cyber Threat Modeling Prep Review Quiz
  • Security Systems
  • Introduction to I.T Security
  • Information Security Awareness
  • Top Hackers Show us How it’s done!
  • 7 Things Every CEO Should Know About Information Security
  • Discussion

Intrusions & Attacks: Cyber Attacks on Retailers

  • Attacks on Retailers: Target Breach
  • Inside a Target Breach
  • Point of Sale System Breaches
  • Discussion-Cyber Attacks on Retailers

Intrusions & Attacks: Personal Information Breaches

  • Intrusion Attacks on Personal Information (Reading Assignment)
  • Top 9 Web Hacking Techniques
  • 5 Most Dangerous New Hacking Techniques
  • Drinkman Indictment
  • Discussion-Drinkman

Intrusions & Attacks: Cyber Attacks on Government

  • Cyber Attacks on Government (Reading Assignment)
  • Cyber Attacks on Government Prep Review Quiz

Intrusions & Attacks: Cyber Attacks on Law Enforcement

  • Discussion

Intrusions & Attacks: Memory Scraping – Parsing Malware

  • Memory & Malware (Reading Assignment)
  • Debugging Software Memory (Reading Assignment)
  • Discussion

Credit Card Fraud: Payment Processing (e-commerce fraud)

  • eCommerce Fraud & Credit Card Processing
  • Case Study: Home Depot Breach
  • Case Study 2: Update Home Depot Breach
  • Financial Investigations Cheat Sheet
  • eCommerce Fraud: Prep Review Quiz

Investigative Methods: Digital & Computer Forensics

  • Definitive Guide to Digital Forensics
  • Investigating Email Crimes
  • Examining Email Messages
  • Viewing Email Headers
  • Mobile Forensics
  • Forensic Examination of Mobile Devices

Investigative Methods: Exploring TOR and the Deep Web

  • The Deep Web
  • Getting Started with TOR
  • Introducing the TOR Project
  • The Secrets Behind the TOR Browser
  • The Deep Web (Fun Overview)
  • Exploration 1

Investigative Methods: Using Open Source Intelligence

  • Open Source Intelligence (Reading Assignment)
  • Exploring Open Source Intelligence

Investigative Methods: Background Investigations

  • Discussion-Background Investigations

Cyber Intelligence & Counterintelligence Operations

  • Counter-Intelligence Methodologies
  • Cyber Terrorism in the News
  • Cyber Counter-Terrorism
  • Cyber Threat Concerns
  • Discussion

Intelligence Methodologies: How to gather intelligence

  • Intelligence Methodologies (Reading Assignment)
  • How to Gather Intelligence – Introduction
  • How to Gather Intelligence – Basic Concepts
  • How To Gather Intelligence – Intel as a Continuous Cycle
  • How to Gather Intelligence – Intel Disciplines
  • How to Gather Intelligence – Threat Intel Landscape
  • How to Gather Intelligence – The Threat Intelligence Journey
  • How to Gather Intelligence – Special Considerations


Intelligence Methodologies: Where cyber criminals sell their data & information

  • Gathering Intelligence on Carding Forums
  • Discussion

Intelligence Methodologies: How to Gather Intelligence on Social Media Websites

  • An Overview of Social Media Investigations
  • Social Media Demographics
  • Criminals on Facebook
  • How to be Successful in Social Media Investigations
  • How to Locate Accomplices & Co-conspirators (Belief Propagation)
  • Live Tutorial: Profile Information
  • Facebook Intelligence: The Friends List
  • Facebook Intelligence: The Conversation Wall
  • Facebook Information Tab
  • Live Tutorial: Facebook Wall
  • Facebook Timeline
  • How to Gather Intelligence in Facebook Groups
  • How Fraudsters Create Phishing Schemes
  • How to Avoid the Pitfalls of Private Profiles
  • Subpoenas & Search Warrants
  • How to Locate People on MySpace
  • MySpace Intelligence: Gather Information on the Profile Wall
  • MySpace Intelligence: Details in the Friends List
  • How to Find People on Bebo
  • How to Gather Intelligence from the Bebo Profile
  • Bebo: An Overview Into the Friends List
  • Bebo: A Look Into the Details in Groups
  • LinkedIn: Gathering Intelligence from the Profile
  • Using the Power of Google on LinkedIn
  • How to Use Google’s Site Search Effectively for Cyber Investigations
  • How to Utilize Google’s Double Quotes
  • What are the Ethical Considerations When doing Social Media Investigations
  • Tools and Resources Available for Social Media Investigations


Intelligence Methodologies: How to Gather Intelligence on eCommerce & Auction Websites

  • eCommerce Fraud Investigations (Reading Assignment)
  • eCrime Investigations – Introduction
  • Where is eCrime Most Prevalent
  • Fencing Vs. eFencing
  • eCommerce Challenges to Investigating Fraudsters
  • Prosecution Challenges
  • Prosecution Requirements
  • Science Meets eCrime
  • eBay The World’s Largest Auction Platform
  • Boosters Selling on eBay
  • eBay Fraudsters – Let’s Find Them
  • eBay Listing Overview
  • Advanced Search Overview
  • Search Results Overview
  • Auction Listing Details
  • Feedback Systems and How Fraudsters Use Them
  • Ebay Feedback Review – First 30 Days
  • Craigslist Overview
  • Craigslist Listings
  • Craigslist Investigations
  • Google Boolean Searches – Site Search
  • Discussion-eBay Investigation
  • Discussion-Craigslist Investigation:


Intelligence Methodologies: How to Gather Intelligence on Chat Websites and Applications

  • Introduction to Gathering Intelligence on Mobile Apps
  • Skype Sign Up
  • Web Platform and Features
  • Skype App and Searching
  • Google Hangouts Intro
  • Google Plus
  • Hangouts Tutorial
  • Google Hangouts Mobile
  • Oovoo
  • Oovoo Chat Window
  • Gathering Intel on Facetime
  • Gathering Intel on Tango


Counterintelligence Methodologies: 200+ of the Best Open Source Intelligence Resources

  • The Ultimate Guide to OSINT (Reading Assignment)

Preparation & Response: Data Breach Preparedness

  • How to Prepare for Data Breaches FREE
  • Data Breach Preparedness (Reading Assignment)
  • Preparation & Response: Preparedness Plan Audit
  • Preparedness Plan Audit Overview
  • Preparedness Plan Audit (Reading Assignment)
  • Discussion-Audit


Preparation & Response: Data Breach Incident responses

  • Incident Response (Reading Assignment)
  • Prep Review Quiz

Preparation & Response: Notification and Disclosure

  • Data Breach Notifications and Disclosure
  • Data Breach Notification and Protection Act
  • Data Breach Charts
  • Discussion

Legal Considerations

  • Introduction to Legal Fundamentals
  • Understanding Your Role as an Investigator
  • Understanding Your Employees Rights
  • The Electronic Communications Privacy Act
  • Understanding Law Enforcement Concerns
  • An Agent of the Law
  • Federal Laws to Prosecute CyberCrimes
  • Legal Considerations Quiz

Search and Seizure

  • Search and Seizure Intro
  • Search and Siezure (Reading Assignment)

Expert Witness Testimony

  • Becoming an Expert Witness
  • Dauberts Standards, What is it?
  • Common Task of an Expert Witness
  • Preparing to Become an Expert Witness
  • Your Role as a Consultant
  • How to Prepare Your Testimony for Court
  • Preparing Forensic and Computer Evidence
  • Summary


This is course is taught by instructors from National Cyber Security Corporation. Out instructors are trained by Government, Military, McAfee Institute or has had real world experience in the subject matter for more than 15 years.