Definitive network forensics for engineers

  • 30 Day Money Back Guarantee
  • Completion Certificate
  • 24/7 Technical Support

Highlights

  • Delivered Online or In-Person

  • You travel to organiser or they travel to you

  • Redhill

  • 3 days

  • All levels

Description

Network forensics training course description

This course studies network forensics: the monitoring and analysis of network traffic for information gathering, intrusion detection and legal evidence. We focus on the technical aspects of network forensics rather than other skills such as incident response procedures. Hands-on sessions follow all the major sections.

What will you learn

  • Recognise network forensic data sources.

  • Perform network forensics using:
      • Wireshark
      • NetFlow
      • Log analysis

  • Describe issues such as encryption.

Network forensics training course details

  • Who will benefit: Technical network and/or security staff.

  • Prerequisites: TCP/IP foundation for engineers.

  • Duration: 3 days

Network forensics training course contents

  • What is network forensics?
    What it is, host vs network forensics, purposes, legal implications, network devices, network data sources, investigation tools.
    Hands on: whois, DNS queries.

  • Host side network forensics
    Services, connections, tools.
    Hands on: Windows services, Linux daemons, netstat, ifconfig/ipconfig, ps and Process Explorer, ntop, arp, Resource Monitor.

  • Packet capture and analysis
    Network forensics with Wireshark, taps, NetworkMiner.
    Hands on: performing network traffic analysis using NetworkMiner and Wireshark.

  • Attacks
    DoS attacks, SYN floods, vulnerability exploits, ARP and DNS poisoning, application attacks, DNS ANY requests, buffer overflow attacks, SQL injection attacks, attack evasion with fragmentation.
    Hands on: detecting scans, using nmap, identifying attack tools.

  • Calculating location
    Timezones, whois, traceroute, geolocation, WiFi positioning.
    Hands on: Wireshark with GeoIP lookup.

  • Data collection
    NetFlow, sFlow, logging, Splunk, Splunk patterns, GRR, HTTP proxies.
    Hands on: NetFlow configuration, NetFlow analysis.

  • The role of IDS, firewalls and logs
    Host based vs network based, IDS detection styles, IDS architectures, alerting, Snort, syslog-ng, Microsoft Log Parser.
    Hands on: syslog, Windows Event Viewer.

  • Correlation
    Time synchronisation, capture times, log aggregation and management, timelines.
    Hands on: Wireshark conversations.

  • Other considerations
    Tunnelling, encryption, cloud computing, Tor.
    Hands on: TLS handshake in Wireshark.
