Network Forensics Analysis

Summary:
This workshop was developed to provide an introduction to the exciting and growing field of digital investigations and network forensics. It is designed to train investigators in electronic discovery and the fundamentals of conducting an effective network forensic examination. You will gain a set of investigative techniques focused on the use of vendor-neutral, open source tools.

Network Forensic Analysis is ideal for someone new to the digital forensic field. However, this course is also valuable to someone who has been in the field for a while and would like to brush up on a few topics. Through instruction and practical exercises, attendees will learn sound forensic procedures, how to conduct examinations and validate forensic operations, and how to report findings in a clear and concise manner.

Throughout the course, real-world examples in conjunction with numerous hands-on exercises will provide practical forensics analysis skills.

Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a proactive investigation.

This course has been created to ensure the student has the required skill set to perform a forensically sound digital examination and document the findings in a clear, concise report. Working in investigative teams, students will use forensic analysis tools to build a coherent picture of the network incident.

Duration:
5 Days/Lecture & Lab

Audience:
The "Network Forensic Analysis" workshop is specifically designed for corporate, government and military personnel who, in the performance of their duties, may be asked to conduct a basic digital forensic examination. This workshop is essential to information security, risk management, loss prevention, corporate security and law enforcement personnel who encounter digital evidence "on the wire" while conducting an investigation.

The course is ideally suited for personnel who are responding to network infiltration and exfiltration incidents and need to apply network forensics to help solve their cases, as well as for those with some background in hacker exploits, penetration testing, and incident response.

Topics:

  • Identification
  • Network Forensic Examination
  • Electronic Discovery and Digital Evidence
  • Tools of the Trade
  • Seizure Concepts
  • Documentation and Reporting

Prerequisites:
Participants must be familiar with common network functions and TCP/IP protocols. This workshop caters to those with no previous experience in network forensics; however, if you are just beginning in information security, then this course is not appropriate for you. Ideally, participants should be responsible for locating, collecting, analyzing, and testifying to evidence of malicious activity on a computer or network of computers.

Although not a prerequisite, this course is particularly recommended for students who have previously attended the Computer Network Analysis (CFA) class.
Important: You are required to bring your own laptop with a working copy of VMware Workstation.




Last Update: May 20, 2013