NPCC Cybercrime Computing and Networking Foundation Course

NPCC National Cybercrime Programme

The NPCC Cybercrime Training Programme provides police forces in England and Wales with the skills needed to be able to respond to a report of cybercrime and fully investigate any criminal activity, prosecute offenders where necessary but also divert individuals on the cusp of criminal activity on to productive paths. The Programme gives staff the technical skill to advise and protect individuals and organisations in cyber security to help better protect themselves against cybercrime.

This National Cyber Security Center (NCSC) accredited five-day course will give delegates a good understanding of a number of important topics needed as a Cybercrime Specialist, including:

• How a computer works and what its fundamental components are
• How do computers communicate via networks and what protocols are used
• What is binary and why do we use hex and not decimal
• Fundamentals of encryption, cloud and virtualisation
• An introduction to digital forensics and why the integrity of data is paramount no matter what your role
• An understanding of the Computer Misuse Act and Data Protection and why they are important
• Cybercrime threats and cybercrime offences

The first part of the course is an online digital section that must be completed prior to attending the classroom course. If delegates fail to complete the digital section, they risk lacking the knowledge and understanding required to pass the classroom-based course.

The five-day classroom-based course is where the fundamentals delegates have learned in the online course will be explored in detail along with new topics.

Digital Pre-Learning Modules – taken prior to the classroom course

To really understand computers, networking and cybercrime, it is important that officers and staff understand computing concepts. Each module has a short knowledge check to support learning outcomes.

Pre-Module 1 – Computing concepts

Pre-Module 2 – Networking concepts

Pre-Module 3 – Relevant Legislation

Pre-Module 4 – Number Systems

Module 1 – Computing Concepts & Operating Systems

• To explain computer system components
• Describe the differences between magnetic hard drives and solid state drives
• To explain the different characteristics of operating systems
• What file systems are used and what data is contained
• What is a RAID (Redundant Array of Independent Disks)
• What is serverless computing?
  • Exercise - How to create user accounts

 Module 2 – Networking Protocols & Network Security

• To explain how networks function?
• How data travels the network?
• Logical address (IP4 and IP6)
• What security protocols can be applied on the network and what they are?
• What are the different types of Firewalls and Gateways and how they work?
  • Exercise - Use CLI for diagnostic purposes

Module 3 – Network Architectures & Topologies

• Applications and Application-layer Protocols
• What is Dynamic Host Configuration Protocol (DHCP) and how it functions?
• Attacks against the DHCP and mitigations
• What is information assurance architecture?
• Network traffic analysis
  • Exercise - Performing network traffic analysis
  • Exercise - Create and alter packets with hping3 and eavesdropping with Wireshark

Module 4 – Cloud & Virtualisation

• What is virtualisation?
• What is a container?
• What is cloud computing and what technologies are used?
• How security is applied within cloud computing
• Breaches impacted by the cloud
• Evidential opportunities in the cloud
  • Exercise - Setting up your own virtual machine

Module 5 – Principles of Digital Evidence

• Digital evidence principles and forensic frameworks
• Data vs Information
• Understanding file systems
• IoT device challenges
• Digital forensic images
• Windows & Linux log file analysis
• Write blocking and best practice
• Mobile device images
• Digital evidence
  • Exercise - Windows Log Analysis
  • Exercise - Linux Log Analysis

Module 6 – Digital Footprints

• Explain what information and data may be passively or actively transmitted or submitted
• Review data we place in our digital world can easily be harvested
• Email header analysis
• Understand how to take care to protect our data as best as we can
• Discuss social networks, know how to lockdown accounts
• Practice good passphrase management
• Password cracking
  • Exercise - Windows Defender Firewall
  • Exercise - Linux Firewalls
  • Exercise - Windows Defender
  • Exercise - Email headers

Module 7 – Digital Currency Concepts

• How bitcoin and virtual currencies work
• How the block chain works
• What is Proof of work?
• Identifying other cryptocurrencies
  • Exercise - Bitcoin Technologies
  • Exercise - Bitcoin in crime
  • Exercise - Auditing a bitcoin transaction

Module 8 – Cyber Attacks & Cyber Offences

• Cyber dependant and enabled crime
• Cyber exploits and vulnerability scanning
• Malware
• Denial of Service
• Combating threats
• Advanced threat analysis
  • Exercise - Nmap and Zenmap
  • Exercise - Vulnerability Scanning with Nikto
  • Exercise - Advanced Network Scanning with SPARTA
  • Exercise - Denial-of-Service using LOIC
  • Exercise - Advanced Persistent Threat Analysis
  • Exercise - Honeypots

Module 9 – Encryption

• To explain the uses of encryption technologies
• Describe conventional encryption principles
• To explain cipher classification
• Asymmetric and Symmetric encryption
• PKI and Certificate Authorities
• Digital Signatures
• Hashing scenarios
• Ubiquitous encryption
  • Exercise - Hashing Scenario
  • Exercise - Digital Certificates

Module 10 – Introduction to Neurodiversity

• What is neurodiversity?
• Common neurodivergent thinking styles
• Benefits of neurodivergent thinking styles
• Challenges of neurodivergent thinking styles
• Neurodiversity and Cybercrime

End-of-Course Exam

National Cyber Security Center (NCSC) Certified Training Exam:

• Online proctored exam taken post-course
• Duration - 70 minutes
• Questions 50, multiple choice (4 multiple choice answers only 1 of which is correct)
• Pass mark 50%
• Digital badge