To meet the continuously evolving cybersecurity threats facing the United States, the Defense Department established what is now known as the DOD Cyber Crime Center’s Cyber Training Academy in 1998 near Linthicum Heights, Maryland.
Today, DC3 functions as a designated federal cyber center and a DOD Center of Excellence for digital and multimedia forensics. DC3 operates under the secretary of the Air Force executive agency.
“The academy provides valuable training, accessible virtually anywhere and at any time,” said Casey Szyper, director of DC3 CTA. “A rigorous curriculum provides department personnel with the relevant knowledge and cutting-edge skills they need to meet mission goals.”
CTA’s mission is to provide cyber training to ensure defense information systems are secure from unauthorized use, counterintelligence and criminal and fraudulent activities, said Szyper.
Students can access training courses in four ways: in-residence; instructor-led virtual; online self-paced; or mobile training teams in locations throughout the U.S. and abroad.
The academy provides training in more than a dozen courses—ranging from computer basics to network intrusions and cyber analysis—designed to meet the evolving needs of students, said Szyper.
Also, the academy offers training in modern cybersecurity tools such as open vulnerability assessment scanner and network mapper.
In an effort to offer cyber training across the department, the academy offers a newly designed “CyberCast” which can train common access card/personal identity verification cyber operators through virtual self-paced and skillset-specific materials.
The academy offers three DOD certifications, widely recognized as validations of competency in digital forensic skills, to students who pass the following combinations of courses: digital media collector, digital forensic examiner and cyber-crime investigator with counterintelligence/law enforcement badge.
Another unique offering from CTA is their International Cyber Forensics Course.
“The ICFC provides students with the solid working knowledge necessary to conduct incident response and digital forensics of digital media to include networks.” said Angela Jenkins, CTA ICFC Training Coordinator. “The course is in-residence for five weeks with 200-hours of instruction, and more than 94-hours of hands-on training.”
The following encompasses the ICFC schedule:
Week 1: Introduction to Networks and Computer Hardware
Week 2: Cyber Incident Response Course
Week 3: Windows Forensics Examination-En-Case
Weeks 4 and 5: Forensics and Intrusions in a Windows Environment
The latest ICFC, held Aug. 1 through Sept. 2, included students from Hungary, Kuwait, Korea, and Jordan. This was the largest student population in any one iteration since inception of the course in 2019. To date, and through COVID-19 pandemic international limitations, the academy has trained 22 international partners in six separate iterations of the ICFC.
Upon completion of the ICFC, students will master the following:
Identify hardware components in a computer system
Employ operating system tools to manage disks, partitions and file systems
Perform domain management and administrative tasks using Windows server active directory and group policy tools
Configure a system to be able to communicate on a network
Perform basic computer troubleshooting
Perform basic computer tasks using Windows
Prepare for a cyber incident response and perform the role of a first responder
Prepare accurate documentation of a cyber investigation to include all actions taken
Examine where digital data resides in a variety of digital devices
Collect volatile and non-volatile data
Demonstrate how to handle digital media effectively upon responding to an incident
Generate hash values for collected data and forensic images
Conduct a forensic examination of an image of the Windows operating system
Demonstrate the basic functions, configurations, outputs, tools and settings of EnCase
Examine a forensic image from a Windows computer using basic forensic processes and automated tools in EnCase
Use password recovery toolkit to defeat protected files
Generate a detailed and accurate account of a network intrusion
Analyze network-based evidence
Analyze host-based evidence
Explain how to conduct a lawful network investigation
“DC3 has the unique privilege of interacting with our globally-positioned cyber partners in an educational forum,” said Jude Sunderburch, DC3 executive director. “Graduating students of our ICFC have helped to foster positive relationships between DC3 and their host U.S. embassy representatives, national security counterparts, and both U.S. and foreign military training delegates.”
Currently, the academy is only approved to train ministry of defense personnel in partner nations. Collaboration and discussions between the International Military Student Office and Defense Security Cooperation Agency continue in an effort to increase support and funding for training non-MOD personnel through the Section 345 Regional Defense Fellowship Program.