This course studies network forensics: the monitoring and analysis of network traffic for information gathering, intrusion detection and legal evidence. We focus on the technical aspects of network forensics rather than other skills such as incident response procedures. Hands on sessions follow all the major sections.
Technical network and/or security staff.
TCP/IP foundation for engineers.
3 days
What it is, host vs network forensics, purposes, legal implications, network devices, network data sources, investigation tools.
Hands on: whois, DNS queries.
Services, connection tools.
Hands on: Windows services, Linux daemons, netstat, ifconfig/ipconfig, ps and Process Explorer, ntop, arp, Resource Monitor.
Network forensics with Wireshark, taps, NetworkMiner.
Hands on: performing network traffic analysis using NetworkMiner and Wireshark.
DoS attacks, SYN floods, vulnerability exploits, ARP and DNS poisoning, application attacks, DNS ANY requests, buffer overflow attacks, SQL injection attacks, attack evasion with fragmentation.
Hands on: detecting scans using nmap, identifying attack tools.
Timezones, whois, traceroute, geolocation, Wi-Fi positioning.
Hands on: Wireshark with GeoIP lookup.
NetFlow, sFlow, logging, Splunk, Splunk patterns, GRR, HTTP proxies.
Hands on: NetFlow configuration, NetFlow analysis.
Host based vs network based, IDS detection styles, IDS architectures, alerting. Snort. syslog-ng. Microsoft Log Parser.
Hands on: syslog, Windows Event Viewer.
Time synchronisation, capture times, log aggregation and management, timelines.
Hands on: Wireshark conversations.
Tunnelling, encryption, cloud computing, Tor.
Hands on: TLS handshake in Wireshark.
"Very good with deep product knowledge."
"Enjoyable course, good week. Clarified things very well for me."
This structured course uses instructor led training to provide the best possible learning experience. Small class sizes ensure students benefit from our engaging and interactive style of teaching, with delegates encouraged to ask questions throughout the course. Quizzes follow each major section to check learning. Hands on sessions are used throughout to allow delegates to consolidate their new skills.