OCTOBER 17, 2022 – To meet the continuously evolving cybersecurity threats facing the United States, the Defense Department established what is now known as the DOD Cyber Crime Center’s Cyber Training Academy in 1998 near Linthicum Heights, Maryland.
Today, DC3 functions as a designated federal cyber center and a DOD Center of Excellence for digital and multimedia forensics. DC3 operates under the secretary of the Air Force executive agency.
“The academy provides valuable training, accessible virtually anywhere and at any time,” said Casey Szyper, director of DC3 CTA. “A rigorous curriculum provides department personnel with the relevant knowledge and cutting-edge skills they need to meet mission goals.”
CTA’s mission is to provide cyber training to ensure defense information systems are secure from unauthorized use, counterintelligence and criminal and fraudulent activities, said Szyper.
Students can access training courses in four ways: in-residence; instructor-led virtual; online self-paced; or mobile training teams in locations throughout the U.S. and abroad.
The academy provides training in more than a dozen courses—ranging from computer basics to network intrusions and cyber analysis—designed to meet the evolving needs of students, said Szyper.
Also, the academy offers training in modern cybersecurity tools such as open vulnerability assessment scanner and network mapper.
In an effort to offer cyber training across the department, the academy offers a newly designed “CyberCast” which can train common access card/personal identity verification cyber operators through virtual self-paced and skillset-specific materials.
The academy offers three DOD certifications, widely recognized as validations of competency in digital forensic skills, to students who pass the following combinations of courses: digital media collector, digital forensic examiner and cyber-crime investigator with counterintelligence/law enforcement badge.
Another unique offering from CTA is their International Cyber Forensics Course.
“The ICFC provides students with the solid working knowledge necessary to conduct incident response and digital forensics of digital media to include networks.” said Angela Jenkins, CTA ICFC Training Coordinator. “The course is in-residence for five weeks with 200-hours of instruction, and more than 94-hours of hands-on training.”
The following encompasses the ICFC schedule:
International Cyber Forensics Course Schedule
- Week 1: Introduction to Networks and Computer Hardware
- Week 2: Cyber Incident Response Course
- Week 3: Windows Forensics Examination-En-Case
- Weeks 4 and 5: Forensics and Intrusions in a Windows Environment
The latest ICFC, held Aug. 1 through Sept. 2, included students from Hungary, Kuwait, Korea, and Jordan. This was the largest student population in any one iteration since inception of the course in 2019. To date, and through COVID-19 pandemic international limitations, the academy has trained 22 international partners in six separate iterations of the ICFC.
Upon completion of the ICFC, students will master the following:
Course Objectives
- Identify hardware components in a computer system
- Employ operating system tools to manage disks, partitions and file systems
- Perform domain management and administrative tasks using Windows server active directory and group policy tools
- Configure a system to be able to communicate on a network
- Perform basic computer troubleshooting
- Perform basic computer tasks using Windows
- Prepare for a cyber incident response and perform the role of a first responder
- Prepare accurate documentation of a cyber investigation to include all actions taken
- Examine where digital data resides in a variety of digital devices
- Collect volatile and non-volatile data
- Demonstrate how to handle digital media effectively upon responding to an incident
- Generate hash values for collected data and forensic images
- Conduct a forensic examination of an image of the Windows operating system
- Demonstrate the basic functions, configurations, outputs, tools and settings of EnCase
- Examine a forensic image from a Windows computer using basic forensic processes and automated tools in EnCase
- Use password recovery toolkit to defeat protected files
- Generate a detailed and accurate account of a network intrusion
- Analyze network-based evidence
- Analyze host-based evidence
- Explain how to conduct a lawful network investigation
“DC3 has the unique privilege of interacting with our globally-positioned cyber partners in an educational forum,” said Jude Sunderburch, DC3 executive director. “Graduating students of our ICFC have helped to foster positive relationships between DC3 and their host U.S. embassy representatives, national security counterparts, and both U.S. and foreign military training delegates.”
Currently, the academy is only approved to train ministry of defense personnel in partner nations. Collaboration and discussions between the International Military Student Office and Defense Security Cooperation Agency continue in an effort to increase support and funding for training non-MOD personnel through the Section 345 Regional Defense Fellowship Program.
By David Vergun , DOD News