Cyber Crime Investigation (OPM Code 221)
Work Role Definition
Responsible for investigating cyberspace intrusion incidents and crimes. Applies tactics, techniques, and procedures for a full range of investigative tools and processes and appropriately balances the benefits of prosecution versus intelligence gathering.
Recommended SANS Training & GIAC Certification:
- FOR498: Battlefield Forensics & Data Acquisition | Certification: GIAC Battlefield Forensics and Acquisition (GBFA)
- FOR500: Windows Forensic Analysis | Certification: GIAC Certified Forensic Examiner (GCFE)
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR509: Enterprise Cloud Forensics and Incident Response | Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR589: Cybercrime Intelligence
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR585: Smartphone Forensic Analysis In-Depth | Certification: GIAC Advanced Smartphone Forensics (GASF)
- FOR518: Mac and iOS Forensic Analysis and Incident Response | Certification: GIAC iOS and macOS Examiner (GIME)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Certification: GIAC Reverse Engineering Malware (GREM)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis
- FOR498: Battlefield Forensics & Data Acquisition | Certification: GIAC Battlefield Forensics and Acquisition (GBFA)
Digital Evidence Analysis (OPM Code 211)
Work Role Definition
Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.
Recommended SANS Training & GIAC Certification:
- FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics | Certification: GIAC Certified Forensic Analyst (GCFA)
- FOR509: Enterprise Cloud Forensics and Incident Response | Certification: GIAC Cloud Forensics Responder (GCFR)
- FOR528: Ransomware for Incident Responders
- FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response | Certification: GIAC Network Forensic Analyst (GNFA)
- FOR608: Enterprise-Class Incident Response & Threat Hunting
- FOR585: Smartphone Forensic Analysis In-Depth | Certification: GIAC Advanced Smartphone Forensics (GASF)
- FOR518: Mac and iOS Forensic Analysis and Incident Response | Certification: GIAC iOS and macOS Examiner (GIME)
- FOR578: Cyber Threat Intelligence | Certification: GIAC Cyber Threat Intelligence (GCTI)
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques | Certification: GIAC Reverse Engineering Malware (GREM)
- FOR710: Reverse-Engineering Malware: Advanced Code Analysis