| (F) differentiate between volatile and non-volatile
memory.
(8) Digital forensics skills. The student understands
networking concepts and operations as they apply to digital forensics.
The student is expected to:
(A) examine networks, including Internet Protocol (IP)
addressing and subnets;
(B) describe the Open Systems Interconnection (OSI)
model;
(C) describe the Transmission Control Protocol/Internet
Protocol (TCP/IP) model;
(D) use network forensic analysis tools to examine
network traffic data from sources such as firewalls, routers, intrusion
detection systems (IDS), and remote access logs; and
(E) identify malicious or suspicious network activities
such as mandatory access control (MAC) spoofing and rogue wireless
access points.
(9) Digital forensics skills. The student explains
the principles of access controls. The student is expected to:
(A) define the principle of least privilege;
(B) describe the impact of granting access and permissions;
(C) identify different access components such as passwords,
tokens, key cards, and biometric verification systems;
(D) explain the value of an access log to identify
suspicious activity;
(E) describe the risks of granting third parties access
to personal and proprietary data on social media and systems;
(F) describe the risks involved with accepting Terms
of Service (ToS) or End User License Agreements (EULA) without a basic
understanding of the terms or agreements; and
(G) identify various access control methods such as
mandatory access control (MAC), attribute-based access control (ABAC),
role-based access control (RBAC), and discretionary access control
(DAC).
(10) Incident response. The student follows a methodological
approach to prepare for and respond to an incident. The student is
expected to:
(A) define the components of the incident response
cycle, including preparation; detection and analysis; containment,
eradication, and recovery; and post-incident activity;
(B) describe incident response preparation;
(C) discuss incident response detection and analysis;
(D) discuss containment and eradication of and recovery
from an incident;
(E) describe post-incident activities such as reflecting
on lessons learned, using collected incident data, and retaining evidence
of an incident;
(F) develop an incident response plan; and
(G) describe ways a user may compromise the validity
of existing evidence.
(11) Incident response. The student objectively analyzes
collected data from an incident. The student is expected to:
(A) identify the role of chain of custody in digital
forensics;
(B) describe safe data handling procedures;
(C) explain the fundamental concepts of confidentiality,
integrity, availability, authentication, and authorization;
(D) identify and report information conflicts or suspicious
activity;
(E) identify events of interest and suspicious activity
by examining network traffic; and
(F) identify events of interest and suspicious activity
by examining event logs.
(12) Incident response. The student analyzes the various
ways systems can be compromised. The student is expected to:
(A) analyze the different signatures of cyberattacks;
(B) identify points of weakness and attack vectors
such as online spoofing, phishing, and social engineering; and
(C) differentiate between simple versus multistage
attacks.
|
