463 (NIST ID: T0036)

Task

Confirm what is known about an intrusion and discover new information, if possible, after identifying intrusion via dynamic analysis.

Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.


Core KSAT for the following Work Roles

Cyber Defense Forensics Analyst (Core) ID: 212 (NIST ID: IN-FO-002) Workforce Element: Cybersecurity

Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.

Additional KSAT for the following Work Roles

Forensics Analyst (Additional) ID: 211 (NIST ID: IN-FO-001) Workforce Element: Cyberspace Enablers / Legal/Law Enforcement

Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.