Enterprises all over the globe are compromised remotely by hackers each day. Credit card numbers, proprietary information, account usernames and passwords, and a wealth of other valuable data are surreptitiously transferred across the network. Insider attacks leverage cutting-edge covert tunneling techniques to export data from highly secured environments. Attackers’ footprints remain throughout the network, in firewall logs, IDS/IPS, web proxies, traffic captures, and more.
From the authors of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012) comes the four-day Network Forensics course. Taught by the authors themselves, this fast-paced class includes packet analysis, statistical flow record analysis, wireless forensics, intrusion detection and analysis, network tunneling, malware network behavior-all packed into a dense 4 days, with hands-on technical labs throughout the class.
Reconstruct a suspect’s web surfing history– and cached web pages, too– from a web proxy. Carve out suspicious email attachments from packet captures. Analyze a real-world wireless encryption cracking attack (and then crack the key yourself) from captured traffic. Dissect DNS-tunneled traffic and learn to carve TCP segments with just your eyeballs and a hex editor. Use flow record analysis tools to pick out brute-force attacks and hone in on compromised systems, as the attacker pivots through the enterprise. Pick apart the Operation Aurora exploit, caught by a network sniffer.
Forensic investigators must be savvy enough to find network-based evidence, preserve it and extract the evidence. Network Forensics will give you hands-on experience analyzing covert channels, carving cached web pages out of proxies, identifying attackers and victims using flow records, carving malware from packet captures, and correlating the evidence to build a solid case.
Network Forensics will teach you to how to follow the attacker’s footprints and analyze evidence from the network environment. Every student will receive a fully-loaded, portable forensics workstation, designed by forensics experts and distributed exclusively to Network Forensics students.
This class is for technical students who are already familiar with the basics of TCP/IP networking, Linux and networking tools such as Wireshark and tcpdump. Bring your own caffeine and be ready.
This class may potentially fill CPE requirements for CISSP certification.
- “Network Forensics” textbook (Prentice Hall, 2012)
- Lab Workbook (7 hands-on labs with in-depth solutions)
- DVDs or USBs containing lab evidence
- Virtual (VMware) forensic analysis workstations custom designed for lab use
Topics Covered in this Course
- Packet Analysis
- Wireless Traffic Analysis
- Network Tunneling
- Flow Record Analysis
- Network Intrusion Detection/Prevention Systems
- Web Proxies
Four (4) days, six (6) hours of instruction per day (including breaks for lunch and coffee).
Each module of this course consists of instructor lecture, followed by instructor-led hands-on labs that are designed to explore the tools and techniques discussed. Additional reading materials are supplied by the accompanying Prentice Hall text (by the authors of the class). Students will be provided with a virtual machine to use as a network forensic workstation.
Who Should Take This Class:
- Information security professionals with some background in hacker exploits, penetration testing, and incident response
- Incident Response team members who are responding to complex security incidents/intrusions and need to utilize network forensics to help solve their cases
Law enforcement officers, federal agents, or detectives who want to master network forensics and expand their investigative skill set to include packet captures, IDS/IPS analysis, web proxies, covert channels, and a variety of network-based evidence.
- Network and computer forensic professionals who want to solidify and expand their understanding of network forensic and incident response related topics
- Networking professionals who would like to branch out into forensics in order to understand information security implications and work on investigations
- Anyone with a firm technical background who might be asked to investigate a data breach incident, intrusion case, or investigates individuals that are considered technical savvy