3.2 Determine the steps to investigate the common types of cases
3.3 Apply the concepts and sequence of steps in the malware analysis process:
3.3.a Extract and identify samples for analysis (for example, from packet capture or packet analysis tools)
3.3.b Perform reverse engineering
3.3.c Perform dynamic malware analysis using a sandbox environment
3.3.d Identify the need for additional static malware analysis
3.3.e Perform static malware analysis
3.3.f Summarize and share results
3.4 Interpret the sequence of events during an attack based on analysis of traffic patterns
3.5 Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices)
3.6 Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario
3.7 Determine IOCs in a sandbox environment (includes generating complex indicators)
3.8 Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario
3.9 Recommend the general mitigation steps to address vulnerability issues
3.10 Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques