Version: 1.0
Approved by: ICDFA Training Board
Effective Date: April 2026
Programme Duration: 6 Months per Track (26 Weeks)
Delivery Mode: Online, Lab-Intensive, Instructor-Guided
Credential Awarded: Certified in Cybersecurity and Digital Forensics (CCDF)
- Programme Overview
- Programme Structure
- Track Selection Policy
- Track A: Ethical Hacking
- CIP-A101: Linux Systems Fundamentals I
- CIP-A102: Linux Systems Fundamentals II
- CIP-A103: Network Defence & Traffic Analysis
- CIP-A104: Offensive Security Operations I
- CIP-A105: Offensive Security Operations II
- CIP-A106: Critical Infrastructure & ICS Security
- CIP-A107: Security Operations Centre (SOC) Essentials
- CIP-A108: Applied Security Engineering
- CIP-A109: Cloud Security Architecture
- CIP-A110: Cloud Security Automation & DevSecOps
- Track B: Digital Forensics
- CIP-B101: Basic Computer Skills for Digital Forensics
- CIP-B102: Foundations of Computer and Digital Forensics
- CIP-B103: Network Forensics Fundamentals
- CIP-B104: Windows and Endpoint Forensics Casework
- CIP-B105: Applied Investigative Case Studies
- CIP-B106: Mobile and IoT Forensics
- CIP-B107: AI for Forensics and Capstone Intelligence Analysis
- Weekly Schedule -- Track A: Ethical Hacking
- Weekly Schedule -- Track B: Digital Forensics
- Assessment Framework
- Institutional Partners
- Programme Policies
- Certification and Credential
The ICDFA Cybersecurity Internship Programme (CIP) is a structured, 6-month, lab-intensive internship designed to provide aspiring cybersecurity professionals with foundational-to-intermediate hands-on skills in either Ethical Hacking or Digital Forensics.
The programme is divided into two distinct specialisation tracks. Interns must select one track upon enrolment and complete it in full before they are eligible to enrol in the second track. Both tracks cannot be undertaken simultaneously.
The programme is delivered through the NDG NETLAB+ platform in partnership with Cisco Networking Academy, Palo Alto Networks, and other institutional partners. All courses include hands-on labs, chapter exams, midterm exams, and final comprehensive exams to ensure mastery of each subject area.
Upon successful completion of a track, interns are awarded the Certified in Cybersecurity and Digital Forensics (CCDF) credential with the relevant specialisation endorsement.
The programme offers two specialisation tracks, each lasting 26 weeks (6 months):
Track A: Ethical Hacking (26 Weeks)
10 courses covering Linux systems, network security, ethical hacking, critical infrastructure, security operations, security fundamentals, and cloud security. Total of 148 labs.
Track B: Digital Forensics (26 Weeks)
7 courses covering foundational computing for digital forensics, evidence acquisition, network forensics, Windows and endpoint casework, investigative case studies, mobile and IoT forensics, and AI-assisted forensic analysis. Total of 90 labs / guided units.
Track A emphasises common security foundations, while Track B follows a forensics-first pathway built around evidence acquisition, artifact analysis, casework, and capstone reporting.
Interns must choose one track at the time of enrolment. The following rules apply:
- Interns cannot enrol in both tracks simultaneously.
- Interns must complete their selected track in full, including all labs, exams, and assessments, before they are eligible to apply for the second track.
- There is no automatic enrolment into the second track. Interns who wish to pursue the second track must submit a new application after completing the first.
- Credits and completed courses are ordinarily track-specific; recognition of prior equivalent training may be granted only at the discretion of the Director of Training.
- Interns who fail or withdraw from a track must wait for the next available intake to re-apply.
Track Duration: 26 Weeks
Total Courses: 10
Total Labs: 148
Specialisation Focus: Offensive security, penetration testing, vulnerability assessment, critical infrastructure security, cloud security
Course Code: CIP-A101
Course Title: Linux Systems Fundamentals I
Duration: 3 Weeks (Weeks 1-3)
Platform: NDG NETLAB+
Certification Alignment: LPI LPIC-1 101
Description: Gain the skills needed to perform maintenance tasks on the command line, install and configure a computer running Linux, and configure basic networking.
Modules and Chapters:
Module 1: Getting Started
- Chapter 1: Introduction
- Chapter 2: Using the Shell
- Chapter 3: Configuring the Shell
Module 2: Basic File Management
- Chapter 4: File Globbing
- Chapter 5: File Manipulation
- Chapter 6: Finding Files
Module 3: Working With Text
- Chapter 7: Text Utilities
- Chapter 8: Regular Expressions
- Chapter 9: The vi Editor
- Chapter 10: Standard Text Streams and Redirection
Module 4: Advanced File Management
- Chapter 11: Managing Processes
- Chapter 12: Archive Commands
- Chapter 13: File Permissions
- Chapter 14: Filesystem Links
Module 5: Booting the System
- Chapter 15: Hardware Configuration
- Chapter 16: The Boot Process
- Chapter 17: Bootloaders
- Chapter 18: Runlevels
Module 6: Partitioning
- Chapter 19: Designing a Scheme
- Chapter 20: Creating Partitions
Module 7: Administration of Filesystem
- Chapter 21: Mounting Filesystems
- Chapter 22: Maintaining Integrity
- Chapter 23: Fixing Filesystems
Module 8: System Software
- Chapter 24: Package Management
- Chapter 25: Managing Shared Libraries
- Chapter 26: Virtualization
Labs:
| Lab | Title |
|---|---|
| Lab 02 | Using the Shell |
| Lab 03 | Configuring the Shell |
| Lab 04 | File Globbing |
| Lab 05 | File Manipulation |
| Lab 06 | Finding Files |
| Lab 07 | Text Utilities |
| Lab 08 | Regular Expressions |
| Lab 09 | The vi Editor |
| Lab 10 | Standard Text Streams and Redirection |
| Lab 11 | Managing Processes |
| Lab 12 | Archive Commands |
| Lab 13 | File Permissions |
| Lab 14 | Filesystem Links |
| Lab 15 | Hardware Configuration |
| Lab 17 | Bootloaders |
| Lab 18 | Runlevels |
| Lab 21 | Mounting Filesystems |
| Lab 22 | Maintaining Integrity |
| Lab 23 | Fixing Filesystems |
| Lab 24 | Package Management |
| Lab 25 | Managing Shared Libraries |
Assessments:
- Chapter Exams: Exam 1 through Exam 26
- Midterm Exam (Chapters 1-14)
- Final Exam (Chapters 15-26)
- Final Comprehensive Exam
- LPI LPIC-1 101 Certification Exam Coupon
Course Code: CIP-A102
Course Title: Linux Systems Fundamentals II
Duration: 3 Weeks (Weeks 4-6)
Platform: NDG NETLAB+
Certification Alignment: LPI LPIC-1 102
Description: Gain the skills needed to perform maintenance tasks on the command line, install and configure a computer running Linux, and configure basic networking.
Modules and Chapters:
Module 1: Advanced Shell Features
- Chapter 1: Advanced Shell Features
- Chapter 2: Shell Scripts
Module 2: Administering the Display
- Chapter 3: X Window
- Chapter 4: Graphical Desktops
- Chapter 5: Accessibility
Module 3: User and System Administration
- Chapter 6: User and Group Accounts
- Chapter 7: Scheduling Jobs
- Chapter 8: Localization
Module 4: System Services
- Chapter 9: System Time
- Chapter 10: System Logging
- Chapter 11: Email Configuration
- Chapter 12: Printer Management
Module 5: Networking
- Chapter 13: Networking Fundamentals
- Chapter 14: Network Configuration
- Chapter 15: Network Troubleshooting
Module 6: System Security
- Chapter 16: Account Security
- Chapter 17: Host Security
- Chapter 18: Encryption
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Advanced Shell Features |
| Lab 02 | Shell Scripts |
| Lab 03 | X Window |
| Lab 04 | Graphical Desktops |
| Lab 05 | Accessibility |
| Lab 06 | User and Group Accounts |
| Lab 07 | Scheduling Jobs |
| Lab 08 | Localization |
| Lab 09 | System Time |
| Lab 10 | System Logging |
| Lab 11 | Email Configuration |
| Lab 12 | Printer Management |
| Lab 13 | Networking Fundamentals |
| Lab 14 | Network Configuration |
| Lab 15 | Network Troubleshooting |
| Lab 16 | Account Security |
| Lab 17 | Host Security |
| Lab 18 | Encryption |
Assessments:
- Chapter Exams: Exam 1 through Exam 18
- Midterm Exam (Chapters 1-8)
- Final Exam (Chapters 9-18)
- Final Comprehensive Exam (Chapters 1-18)
- LPI LPIC-1 102 Certification Exam Coupon
Course Code: CIP-A103
Course Title: Network Defence & Traffic Analysis
Duration: 2 Weeks (Weeks 7-8)
Platform: NDG NETLAB+ / Palo Alto Networks
Description: Learn the fundamentals of network security including concepts you must understand to recognise and potentially defend home networks and mission-critical infrastructure.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Configuring DHCP |
| Lab 02 | Configuring Virtual IP Addresses |
| Lab 03 | Creating Packet Captures |
| Lab 04 | Analyzing Packet Captures |
| Lab 05 | Managing Certificates |
| Lab 06 | Decrypting SSH Traffic |
| Lab 07 | Decrypting SSL Inbound Traffic |
| Lab 08 | Backing up Firewall Logs |
Course Code: CIP-A104
Course Title: Offensive Security Operations I
Duration: 3 Weeks (Weeks 9-11)
Platform: NDG NETLAB+
Description: Prepare for a variety of IT positions, including Cyber Security Analyst, Penetration Tester, Ethical Hacker, Security Engineer, and Cyber Security Engineer. Series 1 covers reconnaissance, scanning, vulnerability assessment, exploitation, and social engineering.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | DNS Footprinting |
| Lab 02 | Packet Crafting with Scapy |
| Lab 03 | Reconnaissance with Nmap, Zenmap, and Masscan |
| Lab 04 | Reconnaissance with Hping |
| Lab 05 | Vulnerability Scanning with OpenVAS |
| Lab 06 | Network Analysis |
| Lab 07 | Evading IDS |
| Lab 08 | Password Cracking with JTR and Hashcat |
| Lab 09 | Metasploit Framework Fundamentals and Armitage |
| Lab 10 | Web Pentesting |
| Lab 11 | Client Side Exploitations |
| Lab 12 | ARP Spoofing and MiTM Attacks |
| Lab 13 | Understanding Buffer Overflows |
| Lab 14 | Understanding SQL Commands and Injections |
| Lab 15 | Backdooring with Netcat |
| Lab 16 | VNC as a Backdoor |
| Lab 17 | Creating and Installing SSL Certificates |
| Lab 18 | Social Engineering Attacks with SET |
Cyber Range: Launch Cyber Range (post-Series 1)
Course Code: CIP-A105
Course Title: Offensive Security Operations II
Duration: 2 Weeks (Weeks 12-13)
Platform: NDG NETLAB+
Description: Continuation of NDG Ethical Hacking v2. Series 2 covers advanced scanning methodology, enumeration, system hacking, web-based hacking, mobile hacking, and cryptography.
Labs:
| Lab | Title |
|---|---|
| Lab 19 | Scanning Methodology |
| Lab 20 | Enumeration |
| Lab 21 | System Hacking |
| Lab 22 | Windows Security Account Manager |
| Lab 23 | Covering Your Tracks |
| Lab 24 | Web-Based Hacking |
| Lab 25 | Mobile Hacking |
| Lab 26 | Cryptography |
Cyber Range: Launch Cyber Range (post-Series 2)
Course Code: CIP-A106
Course Title: Critical Infrastructure & ICS Security
Duration: 3 Weeks (Weeks 14-16)
Platform: NDG NETLAB+
Description: Gain hands-on experience with key Critical Infrastructure (CI) cybersecurity concepts, including PLCs, HMIs, SCADA systems, Modbus, and related protocols.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Introduction to Programmable Logic Controllers |
| Lab 02 | PLC Programming Languages |
| Lab 03 | Building Your First PLC Program |
| Lab 04 | Introduction to Supervisory Control and Data Acquisition |
| Lab 05 | Building a SCADA Human Machine Interface |
| Lab 06 | Introduction to Modbus |
| Lab 07 | Exploring ICS Packet Captures |
| Lab 08 | ICS Protocols |
| Lab 09 | Scanning Industrial Control Systems |
| Lab 10 | MiTM/DoS Attack Automation on ICS |
| Lab 11 | Pentesting a Corporate Environment |
| Lab 12 | Setting Up a Command-and-Control Center |
| Lab 13 | Setting Up a Pivot |
| Lab 14 | Deep Pivot with LDAP |
Cyber Range: Launch Cyber Range (post-course)
Course Code: CIP-A107
Course Title: Security Operations Centre (SOC) Essentials
Duration: 2 Weeks (Weeks 17-18)
Platform: NDG NETLAB+ / Palo Alto Networks
Description: A high-level introduction to the general concepts of SOC (Security Operations Center) and SecOps (Security Operations Procedures).
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Network Traffic Analysis |
| Lab 02 | Using the Application Command Center (ACC) to Find Threats |
| Lab 03 | Analyzing Firewall Logs |
| Lab 04 | Log Forwarding to Linux |
| Lab 05 | Stopping Reconnaissance Attacks |
| Lab 06 | Securing Endpoints using Vulnerability Profiles |
| Lab 07 | Threat Intelligence |
| Lab 08 | Using Dynamic Block Lists |
Course Code: CIP-A108
Course Title: Applied Security Engineering
Duration: 3 Weeks (Weeks 19-21)
Platform: NDG NETLAB+
Certification Alignment: CompTIA Security+
Description: Gain hands-on practice in the skills needed to secure a network and prepare for industry certification.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Social Engineering Attacks |
| Lab 02 | Analyzing Types of Malware and Application Attacks |
| Lab 03 | Analyzing Types of Web Application Attacks |
| Lab 04 | Investigating ARP Poisoning |
| Lab 05 | Analyzing Types of Attacks and Mitigation Techniques |
| Lab 06 | Vulnerability Checks with OpenVAS |
| Lab 07 | Performing Active Reconnaissance |
| Lab 08 | Identifying and Analyzing Network/Host Intrusion Detection System (NIDS/HIDS) Alerts |
| Lab 09 | Virtualization and Group Policy Objects (GPO) |
| Lab 10 | JavaScript Obfuscation and Dead Code Injection |
| Lab 11 | Configuring a RADIUS Server |
| Lab 12 | Setting Up a Load Balancer |
| Lab 13 | IoT Management |
| Lab 14 | Cryptography Concepts |
| Lab 15 | Implementing Common Protocols and Services for Basic Security Practices |
| Lab 16 | Securing Data with Encryption Software |
| Lab 17 | Configuring a Network Based Firewall |
| Lab 18 | Wireless Networking Attack and Mitigation Techniques |
| Lab 19 | Working with Android |
| Lab 20 | Linux Account Management |
| Lab 21 | PKI Management with Windows |
| Lab 22 | Capturing Network Traffic |
| Lab 23 | Incident Response Procedures |
| Lab 24 | Performing Backups |
| Lab 25 | Using Autopsy for Forensics and Lost Data Recovery |
Cyber Range: Launch Cyber Range (post-course)
Course Code: CIP-A109
Course Title: Cloud Security Architecture
Duration: 2 Weeks (Weeks 22-23)
Platform: NDG NETLAB+ / Palo Alto Networks
Description: Learn the fundamentals of cloud security, including concepts you must understand to recognise threats and potentially defend against cloud-based attacks.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Protecting Sensitive Data |
| Lab 02 | Preventing Internet Threats with File Blocking |
| Lab 03 | Container Fundamentals |
| Lab 04 | Container Network Security |
| Lab 05 | Introduction to Docker Pt. 1 |
| Lab 06 | Introduction to Docker Pt. 2 |
| Lab 07 | Denying International Attackers |
| Lab 08 | Configuring HIP for Global Protect |
| Lab 09 | Container Vulnerability Scanning |
Course Code: CIP-A110
Course Title: Cloud Security Automation & DevSecOps
Duration: 2 Weeks (Weeks 24-25)
Platform: NDG NETLAB+ / Palo Alto Networks
Description: Learn the fundamentals of cloud security automation with Kubernetes, Minikube, DevSecOps practices, vulnerability management, and the MITRE ATT&CK framework.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Introduction to Kubernetes Pt. 1 |
| Lab 02 | Introduction to Kubernetes Pt. 2 |
| Lab 03 | Introduction to Kubernetes: Microservices and DevSecOps |
| Lab 04 | Overview of Cloud-Native Application Protection Platforms (CNAPP) Pt. 1 |
| Lab 05 | Overview of Cloud-Native Application Protection Platforms (CNAPP) Pt. 2 |
| Lab 06 | Cloud-Native Application Protection Platforms (CNAPP) Runtime Defense Pt. 1 |
| Lab 07 | Cloud-Native Application Protection Platforms (CNAPP) Runtime Defense Pt. 2 |
Week 26: Track A Final Assessment, Capstone Review, and Programme Wrap-Up
Track Duration: 26 Weeks
Total Courses: 7
Total Labs / Guided Units: 90
Specialisation Focus: Digital evidence acquisition, Windows and endpoint forensics, network forensics, case-based investigation, mobile and IoT forensics, AI-assisted forensic analysis
Course Code: CIP-B101
Course Title: Basic Computer Skills for Digital Forensics
Duration: 3 Weeks (Weeks 1-3)
Platform: Kali Linux / VirtualBox / Digital Forensics Lab resources
Description: Build the foundational computing skills required for later forensic analysis, including binary and hexadecimal thinking, PC architecture awareness, and command-line fluency in both Windows and Linux.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Number Systems |
| Lab 02 | PC Introduction |
| Lab 03 | Windows Command Line Tutorial |
| Lab 04 | Linux Command Line Tutorial |
| Lab 05 | Advanced Linux Command Line Tutorial |
Assessments:
- Skills check on binary, hexadecimal, and command-line navigation
- Short practical exercises in Windows and Linux command-line usage
Course Code: CIP-B102
Course Title: Foundations of Computer and Digital Forensics
Duration: 3 Weeks (Weeks 4-6)
Platform: Kali Linux / Sleuth Kit / Digital Forensics Lab resources
Description: Introduce core forensic concepts, evidence handling, image acquisition, metadata analysis, and introductory artifact recovery workflows.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Introduction to Digital Forensics |
| Lab 02 | Sleuth Kit Tutorial |
| Lab 03 | USB Image Acquisition |
| Lab 04 | Evidence Search - A Pattern Match Game |
| Lab 05 | Evidence Search - File Metadata |
| Lab 06 | Data Carving |
| Lab 07 | Steganography |
Assessments:
- Guided forensic worksheet submissions
- Introductory forensic report using the reference report template
Course Code: CIP-B103
Course Title: Network Forensics Fundamentals
Duration: 2 Weeks (Weeks 7-8)
Platform: Wireshark / tshark / Scapy / Kali Linux
Description: Develop practical skill in packet analysis, protocol investigation, and network evidence extraction across common attack and abuse scenarios.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | HTTP Analysis using Wireshark (Text) |
| Lab 02 | HTTP Analysis using Wireshark (Image) |
| Lab 03 | SYN Flood Attack Investigation using tshark |
| Lab 04 | SMTP Forensics |
| Lab 05 | ARP Poisoning Forensics |
| Lab 06 | Firewall Log and Packet Drop Analysis |
| Lab 07 | DNS Introduction |
| Lab 08 | DNS Spoofing Forensics |
| Lab 09 | WEP40 Wireless Aircrack Investigation |
Assessments:
- Packet analysis worksheets
- Mini case reconstruction from captured traffic
Course Code: CIP-B104
Course Title: Windows and Endpoint Forensics Casework
Duration: 4 Weeks (Weeks 9-12)
Platform: Kali Linux / Autopsy / Registry and NTFS analysis tools / Public case datasets
Description: Apply Windows forensic methods to structured evidence sets derived from the NIST Data Leakage and P2P Leakage investigations, focusing on artifact correlation and timeline reconstruction.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Environment Setting Up |
| Lab 02 | Windows Registry |
| Lab 03 | Windows Event and XML |
| Lab 04 | Web History and SQL |
| Lab 05 | Email Investigation |
| Lab 06 | File Change History and USN Journal |
| Lab 07 | Network Evidence and Shellbag |
| Lab 08 | Network Drive and Cloud |
| Lab 09 | Master File Table ($MFT) and Log File Analysis |
| Lab 10 | Windows Search History |
| Lab 11 | Windows Volume Shadow Copy Analysis / SQL Database Carving |
| Lab 12 | Recycle Bin and Anti-Forensics |
| Lab 13 | Data Carving |
| Lab 14 | Crack Windows Passwords |
| Lab 15 | P2P Lab Environment Setting Up |
| Lab 16 | Disk Image and Partitions |
| Lab 17 | Windows Registry and File Directory |
| Lab 18 | MFT Timeline |
| Lab 19 | USN Journal Timeline |
| Lab 20 | uTorrent Log File |
| Lab 21 | File Signature Analysis |
| Lab 22 | Email Evidence Analysis |
| Lab 23 | Web History Investigation |
| Lab 24 | Website Analysis and Timeline Summary |
Assessments:
- Timeline reconstruction exercises
- Case narrative and evidence correlation report
Course Code: CIP-B105
Course Title: Applied Investigative Case Studies
Duration: 4 Weeks (Weeks 13-16)
Platform: Wireshark / tshark / Memory forensics tools / Case-based lab datasets
Description: Use focused case studies to practice evidence recovery, steganography, memory forensics, email tracing, and historical incident investigation.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Review HTTP Analysis using Wireshark (Text) |
| Lab 02 | Rhino Possession Investigation 1: File Recovering |
| Lab 03 | Rhino Possession Investigation 2: Steganography |
| Lab 04 | Rhino Possession Investigation 3: Extract Evidence from FTP Traffic |
| Lab 05 | Rhino Possession Investigation 4: Extract Evidence from HTTP Traffic |
| Lab 06 | Investigating Harassment Email using Wireshark |
| Lab 07 | tshark Forensics Introduction |
| Lab 08 | Investigating Harassment Email using tshark |
| Lab 09 | Memory Forensics: Illegal File Transferring |
| Lab 10 | Hacking Case Investigation |
| Lab 11 | Morris Worm Attack |
| Lab 12 | Investigating Morris Worm Attack |
Assessments:
- Case notebooks for each investigation block
- Comparative report on artifact types and evidential value
Course Code: CIP-B106
Course Title: Mobile and IoT Forensics
Duration: 5 Weeks (Weeks 17-21)
Platform: Mobile forensic datasets / chip-off workflows / SQLite analysis / IoT evidence images
Description: Examine evidence extraction and interpretation across smart home, voice assistant, Android, iPhone, and drone datasets using repository-guided investigations.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | Doorbell Introduction |
| Lab 02 | Doorbell Scenario Simulation |
| Lab 03 | Doorbell Teardown Chip-off Image Acquisition |
| Lab 04 | Doorbell Image Analysis and Mounting |
| Lab 05 | Doorbell Evidence Extraction |
| Lab 06 | Echo Show Introduction |
| Lab 07 | Device Teardown and eMMC Chip-off |
| Lab 08 | Image Acquisition and Mounting |
| Lab 09 | Echo Show Web Activity |
| Lab 10 | Echo Show Phone Communication |
| Lab 11 | Echo Show Multimedia: Photos and Related Data |
| Lab 12 | Echo Show Multimedia: Audio and Related Data |
| Lab 13 | Intro Pixel 3 Android 10 |
| Lab 14 | Pixel 3 Image |
| Lab 15 | Pixel 3 Device Investigation |
| Lab 16 | AOSP App Investigations: Messaging |
| Lab 17 | GMS App Investigations: Maps |
| Lab 18 | Intro iPhone iOS 13 |
| Lab 19 | iPhone Device Investigation |
| Lab 20 | Messages Investigations |
| Lab 21 | Safari Investigations |
| Lab 22 | Location Investigations |
| Lab 23 | DJI Mavic Air Mobile |
| Lab 24 | DJI Mavic Air MicroSD Raw |
| Lab 25 | DJI Mavic Air MicroSD Encase Format |
Assessments:
- Mobile artifact extraction worksheets
- Device-specific evidence interpretation summaries
Course Code: CIP-B107
Course Title: AI for Forensics and Capstone Intelligence Analysis
Duration: 4 Weeks (Weeks 22-25)
Platform: Jupyter Notebook / LLM-assisted analysis workflows / forensic intelligence datasets
Description: Introduce AI-assisted forensic analysis, evidence summarisation, suspect profiling, and forensic intelligence correlation, then conclude with a capstone report and presentation.
Labs:
| Lab | Title |
|---|---|
| Lab 01 | CKIM2024 AI for Forensics Hands-On Lab |
| Lab 02 | Identifying IP Addresses using a Fine-tuned AI Model |
| Lab 03 | Profiling Suspects Leveraging LLMs (Browser History) |
| Lab 04 | Political Insight Analysis Leveraging LLMs (Email) |
| Lab 05 | Forensic Intelligence Repository: Email Forensics |
| Lab 06 | Forensic Intelligence Repository: Illegal Possession of Images |
| Lab 07 | Capstone Evidence Correlation and Intelligence Fusion |
| Lab 08 | Final Forensic Report and Presentation |
Assessments:
- AI-assisted analysis notebook or structured worksheet
- Final capstone report and oral defence
| Week | Course Code | Course Title | Labs Covered |
|---|---|---|---|
| Week 01 | CIP-A101 | Linux Systems Fundamentals I | Lab 02 - Lab 06 |
| Week 02 | CIP-A101 | Linux Systems Fundamentals I | Lab 07 - Lab 14 |
| Week 03 | CIP-A101 | Linux Systems Fundamentals I | Lab 15 - Lab 25, Midterm, Final Exams |
| Week 04 | CIP-A102 | Linux Systems Fundamentals II | Lab 01 - Lab 08 |
| Week 05 | CIP-A102 | Linux Systems Fundamentals II | Lab 09 - Lab 15, Midterm |
| Week 06 | CIP-A102 | Linux Systems Fundamentals II | Lab 16 - Lab 18, Final Exams |
| Week 07 | CIP-A103 | Network Defence & Traffic Analysis | Lab 01 - Lab 04 |
| Week 08 | CIP-A103 | Network Defence & Traffic Analysis | Lab 05 - Lab 08 |
| Week 09 | CIP-A104 | Offensive Security Operations I | Lab 01 - Lab 06 |
| Week 10 | CIP-A104 | Offensive Security Operations I | Lab 07 - Lab 12 |
| Week 11 | CIP-A104 | Offensive Security Operations I | Lab 13 - Lab 18, Cyber Range |
| Week 12 | CIP-A105 | Offensive Security Operations II | Lab 19 - Lab 22 |
| Week 13 | CIP-A105 | Offensive Security Operations II | Lab 23 - Lab 26, Cyber Range |
| Week 14 | CIP-A106 | Critical Infrastructure & ICS Security | Lab 01 - Lab 05 |
| Week 15 | CIP-A106 | Critical Infrastructure & ICS Security | Lab 06 - Lab 10 |
| Week 16 | CIP-A106 | Critical Infrastructure & ICS Security | Lab 11 - Lab 14, Cyber Range |
| Week 17 | CIP-A107 | Security Operations Centre (SOC) Essentials | Lab 01 - Lab 04 |
| Week 18 | CIP-A107 | Security Operations Centre (SOC) Essentials | Lab 05 - Lab 08 |
| Week 19 | CIP-A108 | Applied Security Engineering | Lab 01 - Lab 08 |
| Week 20 | CIP-A108 | Applied Security Engineering | Lab 09 - Lab 17 |
| Week 21 | CIP-A108 | Applied Security Engineering | Lab 18 - Lab 25, Cyber Range |
| Week 22 | CIP-A109 | Cloud Security Architecture | Lab 01 - Lab 05 |
| Week 23 | CIP-A109 | Cloud Security Architecture | Lab 06 - Lab 09 |
| Week 24 | CIP-A110 | Cloud Security Automation & DevSecOps | Lab 01 - Lab 04 |
| Week 25 | CIP-A110 | Cloud Security Automation & DevSecOps | Lab 05 - Lab 07 |
| Week 26 | -- | Final Assessment and Programme Wrap-Up | Capstone Review |
| Week | Course Code | Course Title | Labs Covered |
|---|---|---|---|
| Week 01 | CIP-B101 | Basic Computer Skills for Digital Forensics | Lab 01 - Lab 02 |
| Week 02 | CIP-B101 | Basic Computer Skills for Digital Forensics | Lab 03 - Lab 04 |
| Week 03 | CIP-B101 | Basic Computer Skills for Digital Forensics | Lab 05, skills check |
| Week 04 | CIP-B102 | Foundations of Computer and Digital Forensics | Lab 01 - Lab 02 |
| Week 05 | CIP-B102 | Foundations of Computer and Digital Forensics | Lab 03 - Lab 05 |
| Week 06 | CIP-B102 | Foundations of Computer and Digital Forensics | Lab 06 - Lab 07, forensic report template |
| Week 07 | CIP-B103 | Network Forensics Fundamentals | Lab 01 - Lab 04 |
| Week 08 | CIP-B103 | Network Forensics Fundamentals | Lab 05 - Lab 09 |
| Week 09 | CIP-B104 | Windows and Endpoint Forensics Casework | Lab 01 - Lab 06 |
| Week 10 | CIP-B104 | Windows and Endpoint Forensics Casework | Lab 07 - Lab 12 |
| Week 11 | CIP-B104 | Windows and Endpoint Forensics Casework | Lab 13 - Lab 18 |
| Week 12 | CIP-B104 | Windows and Endpoint Forensics Casework | Lab 19 - Lab 24 |
| Week 13 | CIP-B105 | Applied Investigative Case Studies | Lab 01 - Lab 03 |
| Week 14 | CIP-B105 | Applied Investigative Case Studies | Lab 04 - Lab 06 |
| Week 15 | CIP-B105 | Applied Investigative Case Studies | Lab 07 - Lab 09 |
| Week 16 | CIP-B105 | Applied Investigative Case Studies | Lab 10 - Lab 12 |
| Week 17 | CIP-B106 | Mobile and IoT Forensics | Lab 01 - Lab 05 |
| Week 18 | CIP-B106 | Mobile and IoT Forensics | Lab 06 - Lab 10 |
| Week 19 | CIP-B106 | Mobile and IoT Forensics | Lab 11 - Lab 15 |
| Week 20 | CIP-B106 | Mobile and IoT Forensics | Lab 16 - Lab 20 |
| Week 21 | CIP-B106 | Mobile and IoT Forensics | Lab 21 - Lab 25 |
| Week 22 | CIP-B107 | AI for Forensics and Capstone Intelligence Analysis | Lab 01 - Lab 02 |
| Week 23 | CIP-B107 | AI for Forensics and Capstone Intelligence Analysis | Lab 03 - Lab 04 |
| Week 24 | CIP-B107 | AI for Forensics and Capstone Intelligence Analysis | Lab 05 - Lab 06 |
| Week 25 | CIP-B107 | AI for Forensics and Capstone Intelligence Analysis | Lab 07 - Lab 08 |
| Week 26 | -- | Final Assessment and Programme Wrap-Up | Capstone review and oral defence |
All courses within the ICDFA Cybersecurity Internship Programme are assessed using a combination of the following methods:
Continuous Assessment (60%)
- Lab completion and performance grading
- Chapter exams administered after each chapter
- Midterm exams at the midpoint of applicable courses
- Cyber Range performance evaluations
Final Assessment (40%)
- Final course exams
- Final comprehensive exams
- Capstone project evaluation (Week 26)
- Professional report submissions and oral defence (Track B: AI for Forensics and Capstone Intelligence Analysis)
Grading Scale:
- 90-100%: Distinction
- 80-89%: Merit
- 70-79%: Pass
- Below 70%: Fail
Interns must achieve a minimum of 70% in each course to progress to the next course. The programme operates under a strict no-retake policy. Interns who fail a course will not be permitted to retake it within the same intake.
The ICDFA Cybersecurity Internship Programme is delivered in partnership with the following technology providers:
NDG (Network Development Group) -- NETLAB+
Primary lab delivery platform for all courses. Provides virtual lab environments for Linux, networking, ethical hacking, digital forensics, and security operations training.
Cisco Networking Academy
Network security and routing fundamentals. Provides structured learning paths and industry-recognised certification preparation.
Palo Alto Networks
Network security fundamentals, security operations, cloud security fundamentals, and cloud security automation courses. Provides next-generation firewall lab environments and security operations training.
Microsoft Azure Academy
Cloud infrastructure and security services. Provides Azure credits and cloud security training resources.
Amazon Web Services (AWS) Academy
Cloud security automation and infrastructure. Provides AWS credits and cloud-native security training.
LPI (Linux Professional Institute)
Linux certification alignment and exam coupons. Linux Systems Fundamentals I and II align with the LPI LPIC-1 certification (Exams 101 and 102).
Attendance Policy
Interns are expected to maintain a minimum attendance rate of 90%. Unexcused absences exceeding 10% of the total programme hours may result in dismissal from the programme.
Lab Discipline Policy
All lab environments are professional training spaces. Interns must adhere to the following rules at all times:
- No unauthorised access to lab environments outside of scheduled sessions
- No use of lab tools or techniques against unauthorised targets
- No sharing of lab credentials or access with non-enrolled individuals
- No recording, screenshotting, or distributing lab content without authorisation
- Violation of any lab discipline rule will result in immediate removal from the programme
No-Retake Policy
The programme operates under a strict no-retake policy. Interns who fail a course module will not be permitted to retake it within the same intake. Interns who wish to reattempt must apply for the next available intake.
Academic Integrity
All work submitted must be the intern's own. Plagiarism, collusion, or any form of academic dishonesty will result in immediate dismissal from the programme.
Code of Conduct
Interns are expected to conduct themselves professionally at all times. This includes respectful communication with instructors and peers, timely submission of assignments, and adherence to all programme policies.
Upon successful completion of all courses, labs, exams, and assessments within their selected track, interns will be awarded the:
Certified in Cybersecurity and Digital Forensics (CCDF)
The credential will carry the relevant specialisation endorsement:
- CCI -- Ethical Hacking (for Track A graduates)
- CCI -- Digital Forensics (for Track B graduates)
Interns who complete both tracks will receive both endorsements on their credential.
In addition, interns may be eligible for the following industry certification exam coupons, subject to course completion:
- LPI LPIC-1 101 Certification Exam Coupon (Linux Systems Fundamentals I)
- LPI LPIC-1 102 Certification Exam Coupon (Linux Systems Fundamentals II)
International Cybersecurity and Digital Forensics Academy (ICDFA) Developing Elite Cybersecurity Professionals