Focal Point - Network Forensics and Investigation I

Network Forensics and Investigation teaches attendees to differentiate between normal and abnormal network traffic, track the flow of packets through a network, and attribute conversations and actions taken over a network segment to specific hosts or users. This course focuses on research, filtering, and comparative analysis to identify and attribute the different types of activity on a network. Students will learn how to follow conversations across a wide range of protocols and through redirection and how to develop custom filters for non-dissected protocols. On Day 5 of the course, you will participate in a team-based capture-the-flag exercise to test your new skills.

Retail Price: $4,750.00

Next Date: Request Date

Course Days: 5


Request a Date

Request Custom Course


WHAT YOU'LL LEARN

  • Create a baseline of the protocols, hosts and interactions in a network environment
  • Identify anomalous network traffic using a combination of in-depth packet analysis and high-level statistical analysis
  • Reconstruct event timelines and accurately correlate, or distinguish between, event threads
  • Identify and extract network artifacts for further forensic analysis
  • Compare observed network traffic to expected topology
  • Research and analyze unknown (non-dissected) protocols
  • Derive data of interest from encrypted traffic flows

WHO SHOULD ATTEND?

  • Network analysts seeking to develop security-related skills
  • Incident responders needing to quickly address system security breaches
  • Penetration testers looking to reduce their detectability
  • Threat operations analysts seeking a better understanding of network intrusions
  • All network administrators needing a better understanding of network security

PREREQUISITES

  • A broad understanding of TCP/IP and associated protocols
  • Knowledge of network hardware and segment types
  • Previous exposure to Wireshark or other protocol analysis software is also recommended
  • CompTIA Network+ Certification Prep Course
  • TCP/IP Networking
  • Troubleshooting TCP/IP Networks with Wireshark

COURSE OUTLINE

  1. Building Blocks
  2. OSI &TCP/IP Review
  3. Wireshark Primer
  4. Day in the Life (Common Protocols)
  5. Extracting Objects
  6. TCP - A Deeper Look
  7. Analytic Approach
  8. Open-Source Research
  9. Isolating Traffic
  10. Routing Principles
  11. Traceroute Analysis
  12. Standards and Protocol Analysis
  13. HTTP Analytics
  14. Encoding and Encryption
  15. Encrypted Traffic Analysis
  16. Big Capture
  17. More Tools and Tricks


Sorry! It looks like we haven’t updated our dates for the class you selected yet. There’s a quick way to find out. Contact us at 502.265.3057 or email info@training4it.com


Request a Date