Cybersecurity Investigations and Network Forensics Analysis Training

Introduction

Cybersecurity Investigations and Network Forensics Analysis Training Course Description

Learn to identify and capture suspicious data and patterns in seemingly unsuspicious traffic with this Cybersecurity Investigations and Network Forensics Analysis Training.

In this Cybersecurity Investigations and Network Forensics Analysis Training course, you will develop the skills not only to capture suspicious data, but also to discern unusual patterns hidden within seemingly normal network traffic. You will gain a set of investigative techniques focused on the use of vendor-neutral, open source tools to provide insight into:

• Forensics analysis fundamentals
• Data recorder technology and data mining
• Network security principles, including encryption technologies and defensive configurations of network infrastructure devices
• Security threat recognition for a variety of common network attack and exploit scenarios, including network reconnaissance techniques, bot-net threat recognition and man-in-the-middle attacks, and common vulnerabilities in user-facing protocols, such as the IP-related protocols (IP, TCP, DNS, ARP, ICMP), the e-mail protocols (POP, SMTP, IMAP) and other common Internet user protocols
• Open source network forensics tools
• Specialized network forensics analysis techniques, including suspicious data traffic reconstruction and viewing techniques

Throughout the Cybersecurity Investigations and Network Forensics Analysis Training course, real-world examples in conjunction with numerous hands-on exercises will provide practical forensics analysis skills.

Duration: 5 days


Customize It!

• We can adapt this Cybersecurity Investigations and Network Forensics Analysis Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Cybersecurity Investigations and Network Forensics Analysis Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Cybersecurity Investigations and Network Forensics Analysis Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cybersecurity Investigations and Network Forensics Analysis Training course in a manner understandable to lay audiences.

Audience / Target Group

• Network engineers and network security professionals who possess basic- to intermediate-level general security and networking knowledge
• Personnel who have working knowledge of host-based forensics analysis and want to gain expertise in the end-to-end digital forensics process

Cybersecurity Investigations and Network Forensics Analysis Training - Objectives:

After completing this Cybersecurity Investigations and Network Forensics Analysis Training course, attendees will be able to:

• Apply the principles of network forensics analysis
• Configure various open source tools for network forensics analysis
• Utilize tools to recognize traffic patterns associated with suspicious network behavior
• Reconstruct suspicious activities such as e-mails, file transfers, or web browsing for detailed analysis and evidentiary purposes
• Recognize potential network security infrastructure misconfigurations

Cybersecurity Investigations and Network Forensics Analysis Training - Course Content:

Introduction To Network Forensic Analysis

Overview and history of Network Forensics Analysis
Answering the key incident questions
Six step Network Forensics Analysis Methodology

Collecting the Data – Data Capture and Statistical Forensics Analysis

Data Collection
Location – How Network Infrastructure Devices Affect Forensics Analysis
Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU
Stealth / Silent Collection of Data – Tips & Techniques
Labs – Getting Acquainted – Just how Much Data is out There?

Technology Challenges – Forensics Analysis in Wired and WLAN Environments

Layer 2 vs. Layer 3 vs. Layer 4 Addressing
IEEE 802.3 Ethernet vs. IEEE 802.11 Frame Formats
Using Names as a Forensics Analysis Aid
WLAN Device Analysis
Forensic Assessment of key Protocol Statistics
Labs – Analyzing Node and Protocol Statistics for Suspicious Activities

Forensic Evaluation of Statistical Network Data

Assessment of Key Network and Forensics Statistics
Analyzing the 3 Different Network Communication Architectures
Analyzing Suspicious Conversations and Activities – What’s a Bot-Net?
Interpreting Protocol Decodes and Packet File Navigation Tips including advanced search functions
Labs – Statistical Assessment of the Network & Protocol and Conversation Forensic Analysis

Forensics Analysis Using Expert Systems

Using Expert Systems to Determine Suspicious Activity
Determining Which Conversations Are Suspect – Analyzing Latency and Throughput to identify suspicious behavior
Labs – A Tale of Two Networks

Forensic Coloring and Filtering Techniques

Constructing and Applying Specialty Forensics Coloring Rules and advanced Specialty Forensics Filters
Importing / Exporting Filters and Coloring Rules
Labs – Advanced Filtering for Forensic Analysis

Tracking and Reconstruction of Packet and Data Flows

Diagramming and Interpreting a Conversation
Packet Flow Reconstruction and Analysis
Deep-Level Forensic Analysis of Packet Contents
Labs – Diagramming a Conversation – Packets Never Lie

Forensics Analysis of Network Applications and User Traffic

Introduction to Common Networking Protocols and Their Vulnerabilities
What’s Normal vs. Abnormal – The Role of Baseline Files
Building a Baseline Library – Where Do I go to Find Out?

Forensics Analysis of IP

Structure and Analysis of IPv4 vs. IPv6
IP Fragmentation, IP Header Checksums and Forensic Analysis of IPv4 Option Fields
Common IP Exploits and Examples of Intrusion Signatures
IP Tunnel Attacks – What’s the Big Deal?
Labs – Evaluating IP Security

Forensic Analysis of DNS

Structure and Analysis of DNS vs. DNSSEC and LLMNR
Analyzing DNS Messages and DNS Exploits
Labs – Forensic Analysis of DNS

Internet Control Message Protocol (ICMP) and Network Forensics

Structure and Analysis of ICMPv4 vs. ICMPv6
Analyzing ICMP Messages and Suspicious ICMP Traffic Analysis
Labs – Forensic Analysis of ICMP

Forensics Analysis of TCP

Structure and Analysis of TCP
TCP Header Checksums and Forensic Analysis of TCP Option fields
Common TCP Exploits and Examples of Intrusion Signatures
Labs – Forensic Analysis of TCP

Forensic Analysis of User Traffic and Common User Protocol Exploits

Email Applications Using POP / SMTP / IMAP
Web-Based Applications Using HTTP
VoIP Applications
Instant Messenger Applications
Labs – Forensic Analysis of User Traffic, VoIP Call Interception and Playback and Application Reconstruction – Email / Web / Instant Messenger / File Transfers

What is Happening to my Email Server?
Who is Scanning the Network?
What a Mess! – Multiple Threats and Simultaneous Attacks
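The conversation-statistics topics above (the bot-net discussion under Forensic Evaluation of Statistical Network Data and the "Who is Scanning the Network?" case study) lend themselves to a worked example. The Python below is added for this page and is not course material; it runs over a constructed packet summary (timestamp, addresses, ports, TCP flags) of the kind a capture tool exports, groups it into client-to-server conversations, and applies two heuristics whose thresholds are assumptions: many SYNs from one host to one target that never receive a SYN/ACK (a vertical port scan), and a conversation that reconnects at near-constant intervals (beaconing).

```python
"""Conversation statistics: find the port scanner and the beaconing host.

Added example for this page; RECORDS is constructed, not captured traffic.
Each record is (timestamp_s, src, dst, sport, dport, flags) with flags
"S" = SYN, "SA" = SYN/ACK, "R" = RST.
"""
from collections import defaultdict
from statistics import mean, pstdev

RECORDS = [
    # 10.0.0.7 probes eight ports on 10.0.0.5 within 15 ms; only 22 and 80
    # answer SYN/ACK, the rest are refused with RST.
    (1.000, "10.0.0.7", "10.0.0.5", 40001, 21, "S"),
    (1.001, "10.0.0.5", "10.0.0.7", 21, 40001, "R"),
    (1.002, "10.0.0.7", "10.0.0.5", 40002, 22, "S"),
    (1.003, "10.0.0.5", "10.0.0.7", 22, 40002, "SA"),
    (1.004, "10.0.0.7", "10.0.0.5", 40003, 23, "S"),
    (1.005, "10.0.0.5", "10.0.0.7", 23, 40003, "R"),
    (1.006, "10.0.0.7", "10.0.0.5", 40004, 25, "S"),
    (1.007, "10.0.0.5", "10.0.0.7", 25, 40004, "R"),
    (1.008, "10.0.0.7", "10.0.0.5", 40005, 80, "S"),
    (1.009, "10.0.0.5", "10.0.0.7", 80, 40005, "SA"),
    (1.010, "10.0.0.7", "10.0.0.5", 40006, 443, "S"),
    (1.011, "10.0.0.5", "10.0.0.7", 443, 40006, "R"),
    (1.012, "10.0.0.7", "10.0.0.5", 40007, 445, "S"),
    (1.013, "10.0.0.5", "10.0.0.7", 445, 40007, "R"),
    (1.014, "10.0.0.7", "10.0.0.5", 40008, 3389, "S"),
    (1.015, "10.0.0.5", "10.0.0.7", 3389, 40008, "R"),
    # 10.0.0.9 reconnects to 203.0.113.10:443 every 60 s: a beacon candidate.
    *[(60.0 * k, "10.0.0.9", "203.0.113.10", 50000 + k, 443, "S") for k in range(6)],
    *[(60.0 * k + 0.05, "203.0.113.10", "10.0.0.9", 443, 50000 + k, "SA") for k in range(6)],
    # 10.0.0.11 browses 198.51.100.4:80 three times at irregular intervals.
    (5.0, "10.0.0.11", "198.51.100.4", 51000, 80, "S"),
    (5.1, "198.51.100.4", "10.0.0.11", 80, 51000, "SA"),
    (37.0, "10.0.0.11", "198.51.100.4", 51001, 80, "S"),
    (37.1, "198.51.100.4", "10.0.0.11", 80, 51001, "SA"),
    (212.0, "10.0.0.11", "198.51.100.4", 51002, 80, "S"),
    (212.1, "198.51.100.4", "10.0.0.11", 80, 51002, "SA"),
]


def summarize(records):
    """Group packets into conversations keyed by (client, server, service port).
    Replies are folded back onto the client's key so one entry holds both sides."""
    convs = defaultdict(lambda: {"syn_times": [], "syn_ack": False, "rst": False})
    for ts, src, dst, sport, dport, flags in records:
        if flags == "S":
            convs[(src, dst, dport)]["syn_times"].append(ts)
        elif flags == "SA":
            convs[(dst, src, sport)]["syn_ack"] = True
        elif flags == "R":
            convs[(dst, src, sport)]["rst"] = True
    return convs


def find_scanners(records, min_ports=5):
    """Clients with at least min_ports (assumed threshold) SYNs to one server
    that never completed a handshake: {client: {server: [ports]}}."""
    failed = defaultdict(lambda: defaultdict(set))
    for (client, server, port), c in summarize(records).items():
        if c["syn_times"] and not c["syn_ack"]:
            failed[client][server].add(port)
    return {
        client: {server: sorted(ports) for server, ports in targets.items()
                 if len(ports) >= min_ports}
        for client, targets in failed.items()
        if any(len(ports) >= min_ports for ports in targets.values())
    }


def find_beacons(records, min_connections=4, max_cv=0.1):
    """Conversations reopened at least min_connections times whose inter-connection
    gaps have a coefficient of variation at or below max_cv (thresholds assumed)."""
    beacons = []
    for (client, server, port), c in summarize(records).items():
        times = sorted(c["syn_times"])
        if len(times) < min_connections:
            continue
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            beacons.append((client, server, port, round(avg, 3)))
    return beacons


if __name__ == "__main__":
    print("scanners:", find_scanners(RECORDS))
    print("beacons:", find_beacons(RECORDS))
```

Real traffic needs the same two checks applied with tuned thresholds and a baseline: a monitoring host that polls services on a schedule looks exactly like a beacon until the baseline library from the earlier module rules it in as expected, which is the point of "What's Normal vs. Abnormal".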

Appendix 1 – Forensic Analysis Reference Information
Appendix 2 – Baseline Forensics Trace Files
Appendix 3 – Protocol Options Reference
