Start Date:
End Date:
Event dates
Start Date:
End Date:
World or Multi-Regional
Training topics
  • Cybersecurity
Training type
Online instructor led
  • English
Event organizer
Computer Emergency Response Team of Mauritius (CERT-MU)
Event mail contact
  • Kaleem Ahmed USMANI
  • Emmanuel NIYIKORA
  • Manish Lobin
Course level



Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threats, it's now more important than ever to have the skills required to investigate network attacks and vulnerabilities. Network Forensics starts with the core concepts like coding, networking, forensics tools, and methodologies for forensic investigations. We will also explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. By the end of this training, you will have gained hands-on experience of performing forensic analysis tasks.

This training is aimed at incident handlers, network engineers, security analysts, forensic engineers ( law enforcements officers working on digital forensic analysis) , and network administrators who want to extend their knowledge beyond that of a beginner to an intermediate level. 

The participants should have the basic knowledge in networking concepts and digital forensics.   

Upon completion of this course, participants will be able to:  

  • Recognize key concepts that will aid in understanding network anomalies and behavior 

  • Conduct network forensics 

  •  Investigate network behavior and patterns in relation to malware 

  • Analyze a variety of log types in order to gather inputs to apply in network forensics exercises 

  • Describe the procedures required for evidence collection during a network forensic exercise 

The training will be carried out online through the ITU Academy Platform. It will include presentations by instructors and explanations on the exercises. The training will be conducted online by an instructor through zoom sessions. 

An exam consisting of 25 – 30 multiple choice questions will be conducted on the last day.  

A total score higher than 70% is required to obtain the ITU certificate. 

Day 1 

18 March 2024 

10.30am - 12.30pm(CEST) 

Introducing Network Forensics 

  • Technical Requirements 

  • Network Forensics investigation  

  • Source of network evidence 

  • Wireshark Essentials 


Day 2 

20 March 2024 

10.30am - 12.30pm(CEST) 

Technical concepts and Acquiring Evidence 

  • Technical Requirements 

  • Inter-networking concept 

  • Log-based evidence 

  • Case Study 


Day 3 

22 March 2024 

10.30am - 12.30pm (CEST) 

Investigating Malware on the Network 

  • Dissecting malware on the network 

  • Intercepting malware 

  • Behaviour patterns and analysis  


Day 4 

25 March 2024 

10.30am - 12.30pm (CEST) 

Investigating and Analysing Logs 

  • Technical Requirements  

  • Network Intrusions and footprints 

  • Case Study 


Day 5 

27 March 2024 

10.30am - 12.30pm (CEST) 

Investigative procedures 

  • Evidence Seizure  

  • Evidence collection and storage 

  • Chain of custody 


Day 6 

29 March 2024 

10.30am - 11.30am



Share in

The registration to the course is closed.