
Network Forensics


From the author of “Network Forensics” (Prentice Hall, 2012) comes Network Forensics: Continuous Monitoring and Instrumentation. This fast-paced, intensive class includes traffic and flow record analysis, cloud-based network forensics, next-generation firewall, DLP and SIEM analysis, wireless and mobile network forensics, and malware network behavior analysis all packed into a dense 4 days, with hands-on technical labs throughout the class.

Upcoming Classes:

Black Hat USA: Las Vegas, NV July 22-25


Kalispell, MT August 21-24

Topics Covered in this Course

Packet Analysis

Wireless Traffic Analysis

Network Tunneling

Flow Record Analysis

Web Proxies

Network Intrusion Detection/Prevention Systems

Malware

Standard Format

Four (4) days, six (6) hours of instruction per day (including breaks for lunch and coffee).

Students Receive


  • “Network Forensics” textbook (Prentice Hall, 2012)
  • Lab Workbook (7 hands-on labs with in-depth solutions)
  • DVDs or USBs containing lab evidence
  • Virtual (VMware) forensic analysis workstations custom designed for lab use

Course Details

An employee clicks on a link in a phishing email. A worm propagates through your network, undetected. A keystroke logger listens quietly, exporting passwords once a week. How can you make sure you’re not the next organization in the papers? Better firewall rules? A newer generation IDS? Faster updating for A/V signatures? We all know none of these is the right solution by itself. The future of defense is practical network monitoring and forensics.

From the author of “Network Forensics: Tracking Hackers Through Cyberspace” (Prentice Hall, 2012) comes Network Forensics: Continuous Monitoring and Instrumentation. This fast-paced, intensive class includes traffic and flow record analysis, cloud-based network forensics, next-generation firewall, DLP and SIEM analysis, wireless and mobile network forensics, and malware network behavior analysis all packed into a dense 4 days, with hands-on technical labs throughout the class.

Catch an intellectual property theft in action based on flow record analysis alone, then peek inside the packet capture and carve out the sensitive proprietary data. Analyze a real-world cloud-based attack and track down the source of stolen administrator credentials. Correlate evidence from a DLP solution, firewall, and domain controller, and use it to find a malicious insider engaged in database exfiltration. Detect an APT using scalable network forensics correlation techniques, and trace the attack back to the first infected “patient zero” on your network.

This class is newly updated to include scalable network monitoring architectures, large-scale analysis techniques, strategies for centralizing network-based evidence using SIEM systems, and automatic correlation of many network- and endpoint-based evidence sources.

Forensic investigators must be savvy enough to find network-based evidence, preserve it and extract the evidence in a scalable way. Network Forensics will teach you how to follow the attacker’s footprints and efficiently analyze evidence from the network environment. Every student will receive a fully-loaded, bootable forensics workstation, designed by network forensics experts and distributed exclusively to Network Forensics students.

This class is for advanced students who are already familiar with the basics of TCP/IP networking, Linux and networking tools such as Wireshark and tcpdump. Bring your own caffeine and be ready.

CPE Credit

This class may fulfill CPE requirements for CISSP certification.

Pedagogy


Each module of this course consists of instructor lecture, followed by instructor-led hands-on labs that are designed to explore the tools and techniques discussed. Additional reading materials are supplied by the accompanying Prentice Hall text (by the authors of the class). Students will be provided with a virtual machine to use as a network forensic workstation.

Who Should Take This Class:


  • Information security professionals with some background in hacker exploits, penetration testing, and incident response
  • Incident Response team members who are responding to complex security incidents/intrusions and need to utilize network forensics to help solve their cases
  • Law enforcement officers, federal agents, or detectives who want to master network forensics and expand their investigative skill set to include packet captures, IDS/IPS analysis, web proxies, covert channels, and a variety of network-based evidence
  • Network and computer forensic professionals who want to solidify and expand their understanding of network forensic and incident response related topics
  • Networking professionals who would like to branch out into forensics in order to understand information security implications and work on investigations
  • Anyone with a firm technical background who might be asked to investigate a data breach incident or intrusion case
  • Individuals who are considered technically savvy

LMG Security: Learn from the Best