Description
This course:
- covers all of the key concepts and tools in this rapidly evolving technical field
- begins with a review of the fundamentals: the goals of network forensics, the typical toolset of a network forensic investigator, and the legal implications of this type of work
- shows how to prepare for an investigation, collect network logs and investigate network events, collect and investigate network traffic, and use network forensics tools such as Wireshark, Splunk, and tcpdump
- uses a combination of open-source and commercial software to help you find the information you need while staying within your budget
Syllabus:
1. Understanding Network Forensics
- Goals of network forensics
- Tools
- Legal implications
- Current and future trends
- Anti-network forensics techniques
2. Preparing for a Network Forensics Investigation
- Network forensics investigation hardware
- Network forensics investigation software
- Understanding computer networking
- Understanding networking devices
- Understanding network data sources
3. Investigating Network Events
- Network logs
- Intrusion and security events
- Network logs as evidence
- Network logs and compliance
- Audit logs
- Firewall logs
- syslog
- syslog-ng
- Kiwi Syslog Server
- Microsoft Log Parser
4. Investigating Network Traffic
- Fundamentals
- Network models
- Subnets, subnet ID, and subnet mask
- Protocol analysis
- ARP
- ARP poisoning
- DNS
- DNS poisoning
5. Network Forensics Tools
- tcpdump and WinDump
- tcpdump and WinDump hands-on
- Wireshark
- Wireshark hands-on
- HTTP proxies
- HTTP proxies hands-on
- Splunk
- Splunk hands-on