Analyzing and Recognizing Cybercrime Patterns in Data

CyberDefenses Academy



Available Upon Request


Available Upon Request

Delivery Method



May be eligible for CPE credit. Check with your accreditation representative.

Audience / Level



Basic familiarity with cybersecurity topics, Linux Operating System and Command Line Interface (CLI)


Laptop required

Course Details

Program Introduction

This immersive threat intelligence, cyber-forensics course offers a deep dive into recognizing cybercrime patterns in data generated from real-life events. The course spans the discovery of patterns in large bundles of data and in diverse streams of information.

As a student, you will gain a grounded understanding of data pattern analysis through an introduction to patterns and regular expressions. You will also have an opportunity to develop applicable skills via hands-on practice in the form of labs. This series of labs is designed to help you learn how to leverage the techniques to find, solve, and investigate data.

You will become familiar with a variety of analytical techniques and open source tools that enable you to recognize, analyze, and profile data, organizations and individuals.

Basic familiarity with cybersecurity topics, Linux operation systems and Command Line Interface (CLI) will help you understand the topics in this course.

This training course combines lectures and hands-on exercises delivered by CyberDefenses and other subject matter experts.

Course Objectives

  • Define and recognize patterns
  • Build patterns with common tools such as E/Grep, Sed, Awk and Regex
  • Understand YARA, how it works, its uses and how it can be employed to define patterns to find files or information in files, regardless of type or state
  • Navigate large dumps of data, using pattern matching techniques to separate, categorize, and explore the data
  • Learn fundamentals of cluster analysis, its uses and how it can aid in classifying and predicting certain types of activity
  • Profile data via various analytical techniques, such as point pattern analysis, to understand events or spatial analysis to understand the reach, impact or measure or effect, for an event, threat actor or cyber operation
  • Develop intelligence reporting based on the analysis performed

Target Student

Member of law enforcement, industry or academia who are tasked with or interested in learning how to advance their investigative skills to solve cyber crime as well as other types of criminal cases. Inquire about discounts for law enforcement, veterans and NCFTA members at


Monty St John
Monty St John is a computer science and information security expert, U.S. Navy and U.S. Air Force veteran, certified instructor, and author of dozens of classes for CyberDefenses. He has assisted numerous companies build and accredit laboratories, threat teams, and security operations centers. He’s also a prolific writer with two upcoming technical volumes set for 2018; Game Designer and Speaker. Learn more about Monty St John

Additional Information

Course Outline

  • I. Introduction to Patterns
    • A. Pattern Recognition
    • B. Pattern Creation
    • C. Parsing Data
    • D. Regular Expressions
  • II. Introduction to the malware research tool YARA
    • A. Crafting YARA Rules
    • B. Analyzing Files
    • C. Profiling with YARA
  • III. Complex Pattern Analysis
    • A. Complex Pattern Recognition
    • B. Complex Pattern Creation
    • C. Analyzing Complex Patterns
View the Syllabus