Registration
Start Date:
End Date:
Event dates
Start Date:
End Date:
Location
World or Multi-Regional
Training topics
  • Cybersecurity
Training type
Online instructor led
Languages
  • English
Event organizer
Computer Emergency Response Team of Mauritius (CERT-MU)
Event mail contact
kusmani@cert.ncb.mu
Coordinators
  • Manish Lobin
  • Kaleem Ahmed USMANI
  • Emmanuel NIYIKORA
Price
$0.00
Course level

Intermediate

Description

Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threats, it's now more important than ever to have the skills required to investigate network attacks and vulnerabilities. Network Forensics starts with the core concepts like coding, networking, forensics tools, and methodologies for forensic investigations. We will also explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. By the end of this training, you will have gained hands-on experience of performing forensic analysis tasks.

This training is aimed at incident handlers, network engineers, security analysts, forensic engineers (law enforcement officers working on digital forensic analysis), and network administrators who want to extend their knowledge beyond that of a beginner to an intermediate level.

Participants should have basic knowledge of networking concepts and digital forensics.

Upon completion of this course, participants will be able to:  

  • Recognize key concepts that will aid in understanding network anomalies and behavior;

  • Develop some fundamental knowledge and insights into skills required to conduct network forensics; 

  • Develop skills in investigating network behavior and patterns in relation to malware; 

  • Work with a variety of log types and gather inputs to ultimately aid in network forensics exercises;

  • Describe the procedures required for evidence collection during a network forensic exercise. 

The training will be carried out online through the ITU Academy Platform. It will include presentations by instructors and explanations on the exercises. The training will be conducted online by an instructor through live Zoom sessions.

An exam consisting of 25 – 30 multiple choice questions will be conducted on the last day.  

A total score higher than 70% is required to obtain the ITU certificate. 

Day 1 

Introducing Network Forensics 

  • Technical Requirements 

  • Network Forensics investigation  

  • Source of network evidence 

  • Wireshark Essentials 

 

Day 2 

Technical concepts and Acquiring Evidence 

  • Technical Requirements 

  • Inter-networking concept 

  • Log-based evidence 

  • Case Study 

 

Day 3  

Investigating Malware on the Network 

  • Dissecting malware on the network 

  • Intercepting malware 

  • Behaviour patterns and analysis  

 

Day 4 

Investigating and Analysing Logs 

  • Technical Requirements  

  • Network Intrusions and footprints 

  • Case Study 

 

Day 5 

Investigative procedures 

  • Evidence Seizure  

  • Evidence collection and storage 

  • Chain of custody 

 

Day 6 

Exam 

 
