About the course

Each cybercrime is a tangled skein of fragments of information scattered across the Internet. A cybercrime investigator’s task is to unravel it and put together the details of what happened. To do so requires special training and a wide range of skills.

Group-IB’s Cyber Investigator course helps participants embark on a career as a cyber detective while gaining enough knowledge to investigate even the most difficult incidents.

Key topics covered:

  • Analyzing attacker infrastructure based on open-source data
  • Investigating the most popular types of hacker attacks
  • Researching information collected from social media, Dark Web forums, and messengers
  • Finding digital footprints left by attackers
  • Techniques and methods for tracking cryptocurrency transactions

Skills required:

  • Create a secure working place for cybercrime investigations
  • Collect digital evidence for further investigation
  • Conduct threat intelligence based on open sources
  • Apply the learned incident investigation techniques to any organization

Target participants:

  • IT specialists with experience in information security
  • Information security experts
  • Practicing digital forensics and incident response specialists

Requirements:

  • Basic Windows/Unix administrator skills
  • A basic understanding of computer networks

Technical recommendations:

Hardware

  • Internet connection

Software

  • VirtualBox/VMware with a virtual machine (Windows 10, Kali Linux, Ubuntu)
  • VPN
  • Tor browser
  • Brave browser
  • Thunderbird
  • Text editor
  • Xmind or other software for creating mind maps
  • Burp Suite or other utilities for directory brute-forcing
  • Social media accounts: Instagram, Facebook, VK

Course program

Day 1

Theory
Practice

On day one, participants learn about various anonymization methods. Understanding how threat actors hide in the digital environment helps counter them effectively. The knowledge acquired during the course also helps ensure that a working place is secure. The second part of the day is dedicated to the basic theory of cybercrime investigation and techniques for verifying information.

Day 2

Theory
Demonstration
Practice

Day two is fully dedicated to conducting cyber intelligence based on open sources. We look into investigation methods that our specialists use in their daily work. We also learn about how to investigate network infrastructure, social media, and underground forum profiles. Lastly, we address social engineering from the perspective of cybercrime investigations.

Day 3

Theory
Practice

On day three, we learn about various types of cybercrime and how to investigate them. We also study in detail how organized hacker groups operate. We discuss the ways cybercriminals cash out stolen funds. We also touch upon the subject of investigating cryptocurrency-related crimes and review tools and techniques to track and attribute cryptocurrency addresses.

Day 4

Demonstration
Practice

The last day of our course is entirely dedicated to practical assignments. Participants try their hand at investigating cyberattacks and attributing threat actors under the guidance of Group-IB experts.