Booking options
£3,497
£3,497
Delivered Online or In-Person
You travel to organiser or they travel to you
Redhill
3 days
All levels
This course studies network forensics-monitoring and
analysis of network traffic for information gathering,
intrusion detection and legal evidence. We focus on the
technical aspects of network forensics rather than other
skills such as incident response procedures etc.. Hands
on sessions follow all the major sections.
What will you learn
Recognise network forensic data sources.
Perform network forensics using:
Wireshark
NetFlow
Log analysis
Describe issues such as encryption.
Network forensics training course details
Who will benefit:
Technical network and/or security staff.
Prerequisites:
TCP/IP foundation for engineers.
Duration
3 days
What is network forensics?
What it is, host vs network forensics, purposes,
legal implications, network devices, network data
sources, investigation tools.
Hands on whois, DNS
queries.
Host side network forensics
Services, connections tools.
Hands on Windows
services, Linux daemons, netstat, ifoconfig/ipconfig,
ps and Process explorer, ntop, arp, resource
monitor.
Packet capture and analysis
Network forensics with Wireshark, Taps,
NetworkMiner.
Hands on Performing Network
Traffic Analysis using NetworkMiner and Wireshark.
Attacks
DOS attacks, SYN floods, vulnerability exploits,
ARP and DNS poisoning, application attacks, DNS
ANY requests, buffer overflow attacks, SQL
injection attack, attack evasion with fragmentation.
Hands on Detecting scans, using nmap, identifying
attack tools.
Calculating location
Timezones, whois, traceroute, geolocation. Wifi
positioning.
Hands on Wireshark with GeoIP
lookup.
Data collection
NetFlow, sflow, logging, splunk, splunk patterns,
GRR. HTTP proxies.
Hands on NetFlow
configuration, NetFlow analysis.
The role of IDS, firewalls and logs
Host based vs network based, IDS detection styles,
IDS architectures, alerting. Snort. syslog-ng.
Microsoft log parser.
Hands on syslog, Windows
Event viewer.
Correlation
Time synchronisation, capture times, log
aggregation and management, timelines.
Hands on
Wireshark conversations.
Other considerations
Tunnelling, encryption, cloud computing, TOR.
Hands on TLS handshake in Wireshark.