- Manish Lobin
- Kaleem Ahmed USMANI
- Emmanuel NIYIKORA
Intermediate
Description
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. With network attacks and malware threats now commonplace, the skills required to investigate network attacks and vulnerabilities are more important than ever. This training starts with the core concepts: coding, networking, forensic tools, and methodologies for forensic investigations. We then explore the tools used for network forensics, apply those tools to a PCAP file, and write the accompanying report. By the end of this training, you will have gained hands-on experience of performing forensic analysis tasks.
This training is aimed at incident handlers, network engineers, security analysts, forensic engineers (including law enforcement officers working on digital forensic analysis), and network administrators who want to extend their knowledge beyond beginner to intermediate level.
Participants should have basic knowledge of networking concepts and digital forensics.
Upon completion of this course, participants will be able to:
Recognize key concepts that aid in understanding network anomalies and behaviour;
Develop fundamental knowledge of, and insight into, the skills required to conduct network forensics;
Develop skills in investigating network behaviour and patterns in relation to malware;
Work with a variety of log types and gather inputs that ultimately aid network forensics exercises;
Describe the procedures required for evidence collection during a network forensic exercise.
The training will be delivered online through the ITU Academy Platform, in live Zoom sessions led by an instructor. The sessions include presentations by the instructors and walkthroughs of the exercises.
An exam consisting of 25 – 30 multiple choice questions will be conducted on the last day.
A total score of more than 70% is required to obtain the ITU certificate.
Day 1
Introducing Network Forensics
Technical Requirements
Network Forensics investigation
Sources of network evidence
Wireshark Essentials
Day 2
Technical concepts and Acquiring Evidence
Technical Requirements
Inter-networking concepts
Log-based evidence
Case Study
Day 3
Investigating Malware on the Network
Dissecting malware on the network
Intercepting malware
Behaviour patterns and analysis
Day 4
Investigating and Analysing Logs
Technical Requirements
Network Intrusions and footprints
Case Study
Day 5
Investigative procedures
Evidence Seizure
Evidence collection and storage
Chain of custody
Day 6
Exam