Cybersecurity Investigations and Network Forensics Analysis Training

Course Overview:

Learn to identify and capture suspicious data and patterns in seemingly unsuspicious traffic with this Cybersecurity Investigations and Network Forensics Analysis Training.

In this Cybersecurity Investigations and Network Forensics Analysis Training course, you will develop the skills not only to capture suspicious data, but also to discern unusual patterns hidden within seemingly normal network traffic. You will gain a set of investigative techniques focused on the use of vendor-neutral, open source tools to provide insight into:

• Forensics analysis fundamentals
• Data recorder technology and data mining
• Network security principles, including encryption technologies and defensive configurations of network infrastructure devices
• Security threat recognition for a variety of common network attack and exploit scenarios, including network reconnaissance techniques, botnet threat recognition, man-in-the-middle attacks, and common user protocol vulnerabilities in IP-related protocols (IP/TCP, DNS, ARP, ICMP), e-mail protocols (POP/SMTP/IMAP), and other common Internet-based user protocols
• Open source network forensics tools
• Specialized network forensics analysis techniques, including suspicious data traffic reconstruction and viewing techniques

Throughout the Cybersecurity Investigations and Network Forensics Analysis Training course, real-world examples in conjunction with numerous hands-on exercises will provide practical forensics analysis skills.

Customize It:

• If you are familiar with some aspects of this course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.

Related Courses:

Cyber Threats Detection and Mitigation Training
Cybersecurity Foundations Training

Audience / Target Group:

The target audience for this Cybersecurity Investigations and Network Forensics Analysis course includes:

• Network engineers and network security professionals who possess basic- to intermediate-level general security and networking knowledge
• Personnel who have working knowledge of host-based forensics analysis and want to gain expertise in the end-to-end digital forensics process

What You Will Learn:

Upon completing this Cybersecurity Investigations and Network Forensics Analysis course, learners will be able to meet these objectives:

• Explain the principles of network forensics analysis and apply them
• Configure various open source tools for network forensics analysis
• Utilize tools to recognize traffic patterns associated with suspicious network behavior
• Reconstruct suspicious activities such as e-mails, file transfers, or web browsing for detailed analysis and evidentiary purposes
• Recognize potential network security infrastructure misconfigurations

Cybersecurity Investigations and Network Forensics Analysis – Course Syllabus:

1. Introduction to Network Forensic Analysis

History of Network Forensics Analysis
Answering the Five Key Questions
Six-Step Network Forensics Analysis Methodology

2. Data Capture and Statistical Forensics Analysis

Data Collection
Case Study 1: Firewall Capture and the Welchia Worm Penetration
Technology Challenges: Forensics Analysis in Wired and WLAN Environments
Forensic Evaluation of Statistical Network Data
Forensics Analysis Using Expert Systems
Forensic Coloring and Filtering Techniques
Case Study 2: Locating Key Text Strings and Identifying Information
Tracking and Reconstructing Packet and Data Flows
Case Study 3: Reconstructing Suspicious Multiple Segment Conversations

3. Forensics Analysis of Network Applications and User Traffic

Common Networking Protocols and Their Vulnerabilities
Forensics Analysis of IP
Forensic Analysis of DNS
Case Study 4: The Kaminsky DNS Vulnerability
Internet Control Message Protocol (ICMP) and Network Forensics
Case Study 5: Who's Knocking on the Door? Identifying a Network Mapping Intrusion
Forensics Analysis of TCP
Case Study 6: Determining the Source of a TCP SYN Flood Attack
Forensic Analysis of User Traffic and Common User Protocol Exploits
Case Study 7: Putting it All Together

Appendix 1: Forensic Analysis Reference Information
Appendix 2: Baseline Forensics Trace Files

Lab 1: Getting Acquainted: Just How is Data Out There?
Lab 2: Analyzing Node and Protocol Statistics for Suspicious Activities
Lab 3: Statistical Assessment of the Network
Lab 4: Protocol and Conversation Forensic Analysis
Lab 5: A Tale of Two Networks
Lab 6: Advanced Filtering for Forensic Analysis
Lab 7: Diagramming a Conversation: Packets Never Lie
Lab 8: Evaluating IP Security
Lab 9: Forensic Analysis of DNS
Lab 10: Forensic Analysis of ICMP
Lab 11: Forensic Analysis of TCP
Lab 12: Forensic Analysis of User Traffic
Lab 13: VoIP Call Interception and Playback
Lab 14: Application Reconstruction: E-mail / Web / Instant Messenger / File Transfers
Lab 15: What is Happening to My E-mail Server?
Lab 16: Who is Scanning the Network?
Lab 17: What a Mess! Multiple Threats and Simultaneous Attacks
