Wireless Traffic Analysis
Flow Record Analysis
Network Intrusion Detection/Prevention Systems
Four (4) days, six (6) hours of instruction per day (including breaks for lunch and coffee).
An employee clicks on a link in a phishing email. A worm propagates through your network, undetected. A keystroke logger listens quietly, exporting passwords once a week. How can you make sure you’re not the next organization in the papers? Better firewall rules? A newer generation IDS? Faster updating for A/V signatures? We all know none of these is the right solution by itself. The future of defense is practical network monitoring and forensics.
From the author of “Network Forensics: Tracking Hackers Through Cyberspace” (Prentice Hall, 2012) comes Network Forensics: Continuous Monitoring and Instrumentation. This fast-paced, intensive class includes traffic and flow record analysis, cloud-based network forensics, next-generation firewall, DLP and SIEM analysis, wireless and mobile network forensics, and malware network behavior analysis all packed into a dense 4 days, with hands-on technical labs throughout the class.
Catch an intellectual property theft in action based on flow record analysis alone, then peek inside the packet capture and carve out the sensitive proprietary data. Analyze a real-world cloud-based attack and track down the source of stolen administrator credentials. Correlate evidence from a DLP solution, firewall, and domain controller, and use it to find a malicious insider engaged in database exfiltration. Detect an APT using scalable network forensics correlation techniques, and trace the attack back to the first infected “patient zero” on your network.
This class is newly updated to include scalable network monitoring architectures, large-scale analysis techniques, strategies for centralizing network-based evidence using SIEM systems, and automatic correlation of many network- and endpoint-based evidence sources.
Forensic investigators must be savvy enough to find network-based evidence, preserve it, and extract the evidence in a scalable way. Network Forensics will teach you how to follow the attacker’s footprints and efficiently analyze evidence from the network environment. Every student will receive a fully-loaded, bootable forensics workstation, designed by network forensics experts and distributed exclusively to Network Forensics students.
This class is for advanced students who are already familiar with the basics of TCP/IP networking, Linux and networking tools such as Wireshark and tcpdump. Bring your own caffeine and be ready.
This class may potentially fill CPE requirements for CISSP certification.
Each module of this course consists of instructor lecture, followed by instructor-led hands-on labs that are designed to explore the tools and techniques discussed. Additional reading materials are supplied by the accompanying Prentice Hall text (by the authors of the class). Students will be provided with a virtual machine to use as a network forensic workstation.
LMG Security: Learn from the Best