- Kaleem Ahmed USMANI
- Emmanuel NIYIKORA
- Manish Lobin
Intermediate
Description
Network forensics is a subset of digital forensics that deals with network attacks and their investigation. In the era of network attacks and malware threats, it is now more important than ever to have the skills required to investigate network attacks and vulnerabilities. This training starts with core concepts such as coding, networking, forensics tools, and methodologies for forensic investigations. We will also explore the tools used for network forensics, followed by understanding how to apply those tools to a PCAP file and write the accompanying report. By the end of this training, you will have gained hands-on experience performing forensic analysis tasks.
This training is aimed at incident handlers, network engineers, security analysts, forensic engineers (law enforcement officers working on digital forensic analysis), and network administrators who want to extend their knowledge beyond that of a beginner to an intermediate level.
Participants should have basic knowledge of networking concepts and digital forensics.
Upon completion of this course, participants will be able to:
- Recognize key concepts that will aid in understanding network anomalies and behavior
- Conduct network forensics
- Investigate network behavior and patterns in relation to malware
- Analyze a variety of log types in order to gather inputs to apply in network forensics exercises
- Describe the procedures required for evidence collection during a network forensic exercise
The training will be carried out online through the ITU Academy Platform. It will include presentations by instructors and explanations of the exercises. The sessions will be conducted by an instructor over Zoom.
An exam consisting of 25–30 multiple-choice questions will be conducted on the last day.
A total score higher than 70% is required to obtain the ITU certificate.
Day 1
18 March 2024
10.30am - 12.30pm (CEST)
Introducing Network Forensics
Technical Requirements
Network Forensics investigation
Source of network evidence
Wireshark Essentials
Day 2
20 March 2024
10.30am - 12.30pm (CEST)
Technical concepts and Acquiring Evidence
Technical Requirements
Inter-networking concept
Log-based evidence
Case Study
Day 3
22 March 2024
10.30am - 12.30pm (CEST)
Investigating Malware on the Network
Dissecting malware on the network
Intercepting malware
Behaviour patterns and analysis
Day 4
25 March 2024
10.30am - 12.30pm (CEST)
Investigating and Analysing Logs
Technical Requirements
Network Intrusions and footprints
Case Study
Day 5
27 March 2024
10.30am - 12.30pm (CEST)
Investigative procedures
Evidence Seizure
Evidence collection and storage
Chain of custody
Day 6
29 March 2024
10.30am - 11.30am (CEST)
Exam