Cybersecurity Investigations and Network Forensics Analysis Training

Commitment: 5 days, 7-8 hours a day
Language: English
User Ratings: Average user rating 4.8
Price: on request
Delivery Options: Instructor-led onsite, online, and classroom live

COURSE OVERVIEW

Learn to identify and capture suspicious data and patterns in seemingly unsuspicious traffic with this Cybersecurity Investigations and Network Forensics Analysis Training.

In this Cybersecurity Investigations and Network Forensics Analysis Training course, you will develop the skills not only to capture suspicious data but also to discern unusual patterns hidden within seemingly normal network traffic. You will gain a set of investigative techniques focused on the use of vendor-neutral, open-source tools to provide insight into:

  • Forensics analysis fundamentals
  • Data recorder technology and data mining
  • Network security principles, including encryption technologies and defensive configurations of network infrastructure devices
  • Security threat recognition for a variety of common network attack and exploit scenarios, including network reconnaissance techniques, Bot-Net threat recognition, man-in-the-middle attacks, and common user protocol vulnerabilities, such as IP-related protocols (IP/TCP, DNS, ARP, ICMP), e-mail protocols (POP/SMTP/IMAP), and other common Internet-based user protocols
  • Open-source network forensics tools
  • Specialized network forensics analysis techniques, including suspicious data traffic reconstruction and viewing techniques

Throughout the Cybersecurity Investigations and Network Forensics Analysis Training course, real-world examples in conjunction with numerous hands-on exercises will provide practical forensics analysis skills.

WHAT'S INCLUDED?
  • 5 days of Cybersecurity Investigations and Network Forensics Analysis Training with an expert instructor
  • Cybersecurity Investigations and Network Forensics Analysis Electronic Course Guide
  • 100% Satisfaction Guarantee
  • Certificate of Completion

ADDITIONAL INFORMATION

COURSE OBJECTIVES

Upon completing this Cybersecurity Investigations and Network Forensics Analysis Training course, learners will be able to meet these objectives:

  • Explain the principles of network forensics analysis and how to apply them
  • Configure various open-source tools for network forensics analysis
  • Utilize tools to recognize traffic patterns associated with suspicious network behavior
  • Reconstruct suspicious activities such as e-mails, file transfers, or web browsing for detailed analysis and evidentiary purposes
  • Recognize potential network security infrastructure misconfigurations
CUSTOMIZE IT
  • We can adapt this Cybersecurity Investigations and Network Forensics Analysis Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Cybersecurity Investigations and Network Forensics Analysis course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Cybersecurity Investigations and Network Forensics Analysis course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cybersecurity Investigations and Network Forensics Analysis course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

The target audience for this Cybersecurity Investigations and Network Forensics Analysis Training course:

  • Network engineers and network security professionals who possess basic- to intermediate-level general security and networking knowledge
  • Personnel who have a working knowledge of host-based forensics analysis and want to gain expertise in the end-to-end digital forensics process
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Cybersecurity Investigations and Network Forensics Analysis Training course are:

  • Understanding of fundamental information security concepts
  • Working knowledge of networking devices and protocols
  • Exposure to pen testing and network monitoring tools and methodologies
  • Basic knowledge of Linux and Windows command line

COURSE SYLLABUS

Introduction To Network Forensic Analysis
  • Overview and history of Network Forensics Analysis
  • Answering the key incident questions
  • Six-step Network Forensics Analysis Methodology
Collecting the Data – Data Capture and Statistical Forensics Analysis
  • Data Collection
  • Location – How Network Infrastructure Devices Affect Forensics Analysis
  • Hubs, Switches, Bridges, Routers, Firewalls, and CSU / DSU
  • Stealth / Silent Collection of Data – Tips & Techniques
  • Labs – Getting Acquainted – Just how Much Data is out There?
Technology Challenges – Forensics Analysis in Wired and WLAN Environments
  • Layer 2 vs. Layer 3 vs. Layer 4 Addressing
  • IEEE 802.3 Ethernet vs. IEEE 802.11 Frame Formats
  • Using Names as a Forensics Analysis Aid
  • WLAN Device Analysis
  • Forensic Assessment of key Protocol Statistics
  • Labs – Analyzing Node and Protocol Statistics for suspicious activities
Forensic Evaluation of Statistical Network Data
  • Assessment of Key Network and Forensics Statistics
  • Analyzing the 3 Different Network Communication Architectures
  • Analyzing Suspicious Conversations and Activities – What’s a Bot-Net?
  • Interpreting Protocol Decodes and Packet File Navigation Tips including advanced search functions
  • Labs – Statistical Assessment of the Network & Protocol and Conversation Forensic Analysis
Forensics Analysis Using Expert Systems
  • Using Expert Systems to Determine Suspicious Activity
  • Determining Which Conversations Are Suspect – Analyzing Latency and Throughput to identify suspicious behavior
  • Labs – A Tale of Two Networks
Forensic Coloring and Filtering Techniques
  • Constructing and Applying Specialty Forensics Coloring Rules and advanced Specialty Forensics Filters
  • Importing / Exporting Filters and Coloring Rules
  • Labs – Advanced Filtering for Forensic Analysis
Tracking and Reconstruction of Packet and Data Flows
  • Diagramming and Interpreting a Conversation
  • Packet Flow Reconstruction and Analysis
  • Deep-Level Forensic Analysis of Packet Contents
  • Labs – Diagramming a Conversation – Packets Never Lie
Forensics Analysis of Network Applications and User Traffic
  • Introduction to Common Networking Protocols and Their Vulnerabilities
  • What’s Normal vs. Abnormal – The Role of Baseline Files
  • Building a Baseline Library – Where Do I go to Find Out?
  • Forensics Analysis of IP
  • Structure and Analysis of IPv4 vs. IPv6
  • IP Fragmentation, IP Header Checksums, and Forensic analysis of IPv4 Option fields
  • Common IP Exploits and Examples of Intrusion Signatures
  • IP Tunnel Attacks – What’s the Big Deal?
  • Labs – Evaluating IP Security
Forensic Analysis of DNS
  • Structure and Analysis of DNS vs. DNSSEC and LLMNR
  • Analyzing DNS Messages and DNS Exploits
  • Labs – Forensic Analysis of DNS
Internet Control Message Protocol (ICMP) and Network Forensics
  • Structure and Analysis of ICMPv4 vs. ICMPv6
  • Analyzing ICMP Messages and Suspicious ICMP Traffic Analysis
  • Labs – Forensic Analysis of ICMP
Forensics Analysis of TCP
  • Structure and Analysis of TCP
  • TCP Header Checksums and Forensic Analysis of TCP Option fields
  • Common TCP Exploits and Examples of Intrusion Signatures
  • Labs – Forensic Analysis of TCP
Forensic Analysis of User Traffic and Common User Protocol Exploits
  • Email Applications Using POP / SMTP / IMAP
  • Web-Based Applications Using HTTP
  • VoIP Applications
  • Instant Messenger Applications
  • Labs – Forensic Analysis of User Traffic, VoIP Call Interception, and Playback and Application Reconstruction – Email / Web / Instant Messenger / File Transfers
  • What is Happening to my Email Server?
  • Who is Scanning the Network?
  • What a Mess! – Multiple Threats and Simultaneous Attacks

Appendix 1 – Forensic Analysis Reference Information
Appendix 2 – Baseline Forensics Trace Files
Appendix 3 – Protocol Options Reference

Course Recap, Q/A, and Evaluations