Network intrusion investigations focus on recreating a digital crime scene from network activity logs. Unlike traditional hard drive investigations, network forensics is akin to ‘finding a needle in a stack of needles’. We teach investigators how to collect network logs and rebuild the network attack; all in the search for the person behind the keyboard. Classes range in length from one to three weeks based on technical background.
We offer our law enforcement clients the opportunity to participate in select cyber exercises. A key component of our exercises is the incident reporting. By getting local law enforcement involved, participants in the exercises interact with real investigators. This helps eliminate the ‘guess work’ so often seen in other exercises. If a team thinks they have been compromised in the course of an exercise, they are required to collect log data and ‘call the police’. In this fashion, both sides find it a valuable learning experience. The victims get to work through the realities of working with law enforcement, while the investigator gets to work a live case.