Breach Collection and Analysis

CyberDefenses Academy



Available Upon Request


Available Upon Request

Delivery Method



Certification of Completion

Audience / Level



Profiling and Investigating with Maltego, Critical Thinking and Analysis


Laptop required

Course Details

Program Introduction

You’ve heard a breach occurred, or you’ve been given compromised data. Now what? How do you make sense of the information you see and turn it into something functional? If it’s user data, enforcing a policy of password reset and review makes sense, but what else? A key answer to that question is to examine the data: to analyze it, map connections, and understand what picture it paints. One step of examination is performing link analysis. This form of investigation has four primary purposes:

  • Build patterns of connectivity and interest for objects.
  • Find matches for known patterns of interest between linked objects.
  • Find anomalies by discovering where known patterns are violated.
  • Find new patterns of interest (for example, in social networking and marketing and business intelligence).

After link analysis comes a short list of other critical investigative steps that let you get the most out of the data at your disposal. Understanding your network footprint, knowledge discovery, social network analysis, entity relationships and patterns, and so on are all critical steps to discovery.

When you don’t have the data, knowing good sources of information and applying Structured Analysis Techniques can also assist in the search.

Course Objectives

Coming Soon

Target Student

Coming Soon


Monty St John
Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has helped numerous companies build and accredit laboratories, threat teams, and security operations centers. He is also a prolific writer, with two upcoming technical volumes set for 2018, as well as a game designer and speaker.

Additional Information

  • Laptop required
  • Requires basic knowledge of computers, technology and command line interface (CLI)
    • Open and operate browsers
    • Find and use command line
    • Execute scripts
  • Prior network experience helpful, but not required.
  • Understanding of virtual machines (VM) and how to use one.
    • Understand how to import and power on a VM

Course Outline

  • Introduction
  • Background on data breaches
  • Sourcing Breaches
    • Clearnet Sources
    • Deep and Dark Sources
    • Access via Services
  • Verifying the breach
    • Discovery Location
    • Breadth/Extent
    • Structure and Contents
  • What is link analysis?
    • Process and Methodology
    • Patterns
    • Anomaly detection
    • Visualization
  • Network Footprint
    • How data leaves your network
    • Where data entering gets stolen
  • Knowledge Discovery
    • Natural patterns
    • Known patterns
    • Anchor persona
    • Center of gravity
  • Entity Relationships
    • Company to Company
    • Person to Company
    • Person to Person
  • Breach Analysis
    • Breach to profile
    • Profile to breach
    • Structured Analytic Techniques
  • Maltego
    • Discovery & Investigation
    • Offline work with Case File
  • Evolving Controls for the problem
  • Wrap-up & Close