Cybersecurity Investigation | Nice Framework

Cyber Investigation (INV)

Cyber Investigation applies tactics, techniques, and procedures for a full range of investigative tools and processes to include, but not limited to, interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.

Work Role Definition
Identifies, collects, examines, and preserves evidence using controlled and documented analytical and investigative techniques.
Recommended SANS Training & GIAC Certification:
- FOR498: Battlefield Forensics & Data Acquisition
  - Certification: GIAC Battlefield Forensics and Acquisition (GBFA)
- FOR308: Digital Forensics Essentials
- FOR500: Windows Forensic Analysis
  - Certification: GIAC Certified Forensic Examiner (GCFE)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  - Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR509: Enterprise Cloud Forensics and Incident Response
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  - Certification: GIAC Network Forensic Analyst (GNFA)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR585: Smartphone Forensic Analysis In-Depth
  - Certification: GIAC Advanced Smartphone Forensics (GASF)
- FOR518: Mac and iOS Forensic Analysis and Incident Response
  - Certification: GIAC iOS and macOS Examiner (GIME)
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  - Certification: GIAC Reverse Engineering Malware (GREM)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis

Digital Forensics (FOR)

Digital Forensics collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.

Work Role Definition:
Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.

Recommended SANS Training & GIAC Certification
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- FOR509: Enterprise Cloud Forensics and Incident Response
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  - Certification: GIAC Network Forensic Analyst (GNFA)
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  - Certification: GIAC Reverse Engineering Malware (GREM)
- FOR578: Cyber Threat Intelligence
  - Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR509: Enterprise Cloud Forensics and Incident Response
  - Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR518: Mac and iOS Forensic Analysis and Incident Response
  - Certification: GIAC iOS and macOS Examiner (GIME)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- FOR308: Digital Forensics Essentials
- SEC573: Automating Information Security with Python
  - Certification: GIAC Python Coder (GPYC)
Work Role Definition:
Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Recommended SANS Training & GIAC Certification
- FOR500: Windows Forensic Analysis
  - Certification: GIAC Certified Forensic Examiner (GCFE)
- FOR308: Digital Forensics Essentials
- FOR498: Battlefield Forensics & Data Acquisition
  - Certification: GIAC Battlefield Forensics and Acquisition (GBFA)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
  - Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR509: Enterprise Cloud Forensics and Incident Response
  - Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR528: Ransomware for Incident Responders
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR518: Mac and iOS Forensic Analysis and Incident Response
  - Certification: GIAC iOS and macOS Examiner (GIME)
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
  - Certification: GIAC Network Forensic Analyst (GNFA)
- FOR585: Smartphone Forensic Analysis In-Depth
  - Certification: GIAC Advanced Smartphone Forensics (GASF)
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
  - Certification: GIAC Reverse Engineering Malware (GREM)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- SEC573: Automating Information Security with Python
  - Certification: GIAC Python Coder (GPYC)

Train and Certify

Manage Your Team

Security Awareness

Resources

Get Involved

About

Investigate

Cyber Investigation (INV)

Digital Forensics (FOR)