After achieving their objectives, the attacker typically takes steps to hide the intrusion and possible controls left behind for future visits. Nothing happens in a void, and that includes computer crime. Hackers are much like other criminals in that they would like to be sure to remove all evidence of their activities. Hackers must also be worried about the files or programs they leave on the compromised systems.

At the conclusion of this course the student will be able to:

• Explain why attribution of attack source is difficult

• Identify sources of information to assist in identifying an attacker

• List areas where attackers alter data to preclude detection

• Identify operation methods used by attackers if they are discovered

• Explain how forensics is a critical part of determining the extent of an attack

Please Note: This course is Phase 4 of 4 in the Red Team Practitioner© program in developing a Cyber Jedburgh Workforce.