Network Forensics
2hIntermediate2024-11-25
Authors
Jungwoo Ryoo
Teaches IT, cybersecurity, and risk analysis at Penn State
Course details
Network forensics is used to find legal evidence in network devices. This course covers all the major concepts and tools of this growing (and exciting) technical field. Instructor Jungwoo Ryoo reviews the basics: the goals of network forensics, the types of investigations it's used for, a network forensic investigator's typical toolset, and the legal implications of this type of work. Then, he'll show how to prepare for an investigation; acquire network logs and investigate network events; collect and investigate network traffic; investigate web attacks; and create a report of your findings. He uses a combination of open-source and commercial software, so you'll be able to uncover the information you need with the tools that are in your budget.
Learning objectives
Describe the career opportunities and skills/knowledge required to be a successful network forensics professional.
Use network forensics tools for acquiring evidence, especially logging, such as syslog, syslog-ng, and Microsoft log parser.
Use network forensics tools such as Wireshark for packet/protocol analysis.
Explain network forensics certification opportunities and identify the ones to pursue.
Produce a comprehensive network forensics investigation report both manually and using automated tools.
Learning objectives
Describe the career opportunities and skills/knowledge required to be a successful network forensics professional.
Use network forensics tools for acquiring evidence, especially logging, such as syslog, syslog-ng, and Microsoft log parser.
Use network forensics tools such as Wireshark for packet/protocol analysis.
Explain network forensics certification opportunities and identify the ones to pursue.
Produce a comprehensive network forensics investigation report both manually and using automated tools.
Skills covered
Network SecurityCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Learning network forensics
- 02 - What you should know
1. Understanding Network Forensics
- 03 - Goals of network forensics
- 04 - Tools
- 05 - Legal implications
- 06 - Current and future trends
- 07 - Anti-network forensics techniques
- 08 - Challenge - Acquiring additional information with Nmap
- 09 - Solution - Acquiring additional information with Nmap
2. Preparing for a Network Forensics Investigation
- 10 - Network forensics investigation hardware
- 11 - Network forensics investigation software
- 12 - Understanding computer networking
- 13 - Understanding networking devices
- 14 - Understanding network data sources
- 15 - Challenge - Wireshark filtering
- 16 - Solution - Wireshark filtering
3. Investigating Network Events
- 17 - Network logs
- 18 - Intrusion and security events
- 19 - Network logs as evidence
- 20 - Network logs and compliance
- 21 - Audit logs
- 22 - Firewall logs
- 23 - syslog
- 24 - syslog-ng
- 25 - Kiwi Syslog Server
- 26 - Microsoft Log Parser
4. Investigating Network Traffic
- 27 - Fundamentals
- 28 - Network models
- 29 - Subnets, subnet ID, and subnet mask
- 30 - Protocol analysis
- 31 - ARP
- 32 - ARP poisoning
- 33 - DNS
- 34 - DNS poisoning
5. Network Forensics Tools
- 35 - tcpdump and WinDump
- 36 - tcpdump and WinDump hands-on
- 37 - Wireshark
- 38 - Wireshark hands-on
- 39 - HTTP proxies
- 40 - HTTP proxies hands-on
- 41 - Splunk
- 42 - Splunk hands-on
Conclusion
- 43 - Next steps
Related courses
- Windows Server 2025: Advanced Management Features
- ISC2 Systems Security Certified Practitioner (SSCP) Cert Prep
- Certificate of Cloud Security Knowledge (CCSK) Cert Prep
- Building a Multicloud Security Program: Strategy, Implementation, and Emerging Trends
- Modern Cloud Security: Shift-Left, Observability, and Automated Defense
- Cybersecurity Awareness: Cloud Security
- CertNexus Certified IoT Security Practitioner Cert Prep by InfoSec
- Building Customer Identity and Access Management (CIAM) in Your Applications on AWS