Cyber Forensics & Investigation - Foundation (NCIIPC-QCI)

1) In the past few years, there has been an exponential growth in the use of IT and ICS for automating businesses and industrial processes, critical functions and operations, governance and electronic service delivery around the world, especially in India. The informational security requirements are very complex and is a constant struggle for organizations to meet their workforce requirements to design, implement, operate,

manage, protect and defend the complexity and interconnectivity of information technology, industrial control systems and networks. This has resulted in a huge demand on the human resource supply chain to create and sustain large pools of professionally competent IT and ICS cyber security personnel with certified knowledge, skills, and expertise.

2) CSEs and other organizations are dependent on cyber security specialists, whether they are own employees or from external parties like System Integrators, OEMs and consultancy providers. These specialists are required to handle threats and risks to their IT and ICS systems and networks, applications and data.

3) Cyber security professionals working with or providing services to CSEs are increasingly required to handle the convergence and integration of IT and ICS disciplines, each with its own objectives, bodies of knowledge, organizational cultures, and attitudes towards cyber security. Sectors that use ICS have specific processes and operational procedures mandated from health, safety, and environmental perspectives. Therefore, plugging identified gaps in information security quickly and seamlessly into these systems and

networks, requires a high degree of expertise in both IT and ICS. The CSEs also operate in an interconnected digital ecosystem that requires an understanding of the interdependencies within and across the sectors.

4) Cyber security is specialty domain in its own right, even though it is deeply embedded and integrated into the IT and ICS domains of all technology-enabled organizations and entities. However, the mechanisms for identifying and recognizing different competencies and expertise levels related to cyber security are somewhat disjointed and somewhat localised within the organizations themselves. Globally, many countries have addressed the standardization of cyber security competency profiles and associated capabilities.

5) The Certification Scheme for cyber security professionals is designed and developed to address the cyber security competency requirements of professionals in the Indian environment. Since the work roles and tasks in the Indian context are not yet standardized and remains local to each organization, the approach taken in the certification scheme is to define competency profiles for different cyber security domains that are based on a combination of knowledge, skills and expertise levels in distinct specialisation areas. Cyber security professionals are then certified for the competency profile as per ISO/IEC 17024:2012 framework that engages the certification of Persons.

6) A cyber security professional certified under the scheme can demonstrate his competency mentioned in the certificate after completing the due process of certifying the knowledge, skills and expertise of the ertified personnel in the respective cyber security domain.

7) An organization can classify its information security/ cyber security functions under different cyber security domains defined in the Scheme and use the associated competency profiles to ensure that the competencies of the workforce are aligned to the work roles and responsibilities of the different cyber security domains.

Foundation Module: Cyber Forensics & Investigation - Knowledge (KM-1101F)

• Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.).
• Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]), file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip), types and collection of persistent data.
• Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
• Knowledge of concepts and practices of processing digital forensic data.
• Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark).
• Knowledge of debugging procedures and tools.

Foundation Module: Cyber Defence Skills (SM-0501F)

• Skill in detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort).
• Skill in generating queries and reports.
• Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
• Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol).
• Skill in identifying, modifying and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
• Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump).
• Skill in one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]).
• Skill in identifying common encoding techniques (e.g., XOR, ASCII, Unicode, Base64, Uuencode, URL encode).
• Skill in verifying the integrity of all files. (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.)
• Skill in reading and interpreting signatures (e.g., snort).
• Skill in applying security controls.
• Skill in using security event correlation tools.
• Skill in performing root cause analysis.

Foundation level is for all cyber security professionals interested in obtaining Foundation level competency certification in Cyber Forensics & Investigation domain andAnalyse & Investigate (AI), [Identify (ID), Protect (PR), Recover (RC)] Cyber security Function

Analyse and investigate cyber incidents to identify breaches, loopholes, process deviations, failures.

• Exam Duration: 60 mins
• Nos. of questions: 45
• Passing criteria: 70%
• Mode of examination: Online proctored.
• Certificates will be provided within 21 working days from the exam date to the candidates who pass.

Please refer to the following policies before appearing for the examination.

• TUV SUD - Joining Instruction and Webcam Usage Policy
• TUV SUD - Malpractice and Maladministration Policy_Examination

1. When can I get the certificate?
Foundation course of Cyber Forensics & Investigation (CYF)certification will be issued within 21 working days from the examination date.

2. When can I get the training material and invite?
One day before the commencement of the training program.

3. How do I pay the fees for training and examination?
Online mode

4. What are the benefits of Foundation course of Cyber Forensics & Investigation (CYF) certification
Get a Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.).
Get a Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]), file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip), types and collection of persistent data.
Gain an understanding Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files.
Understand the Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark

5. Is there any refund policy for the paid fees?
Please refer to Cancellation and Refund policy page.