Practical Techniques for Analyzing Suspicious Network Traffic
Audience: This course is designed for Cyber/Cloud Network Security personnel who possess basic to intermediate general security and networking knowledge. Successful completion of this course will provide these individuals with a pathway into the field of Network Forensics Analysis. Personnel who already possess a working knowledge of Host-based Forensics Analysis should also attend this course as a means of gaining expertise in the End-to-End Digital Forensics process.
Recommended Course Prerequisites: For maximum effectiveness, attendees should have at least basic familiarity with TCP/IP networking and basic network infrastructure devices such as Switches, Routers, etc. Attendees will also be required to bring their own laptop.
Course Description: Network Forensics Analysis encompasses not only the skills of capturing suspicious data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will equip the student with a set of investigative techniques, focusing on the use of vendor-neutral, Open-Source Tools, to provide insight into the following areas:
- Forensics Analysis fundamentals
- Data Recorder technology and data-mining
- Network security principles including encryption technologies and defensive configurations of network infrastructure devices
- Security threat recognition for a variety of common network attack and exploit scenarios, including network reconnaissance techniques, Bot-Net threat recognition and man-in-the-middle attacks, as well as common user protocol vulnerabilities in IP-related protocols (IP / TCP, DNS, ARP, ICMP), Email protocols (POP / SMTP / IMAP) and other common Internet-based user protocols
- Open-Source Network Forensics Tools
- Specialized Network Forensics Analysis techniques including suspicious data traffic reconstruction and viewing techniques
Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical Forensics Analysis skills. Attendees will receive a training binder including numerous reference Wireshark trace files and a DVD with networking and forensics tools, as well as a library of Network Forensics Analysis reference documents.
As a result of successful completion of this workshop, participants will be able to:
- Understand the principles of Network Forensics Analysis and how to apply them
- Select and configure various Open-Source tools for Network Forensics Analysis
- Utilize these tools to recognize traffic patterns associated with suspicious network behavior
- Reconstruct suspicious activities such as Emails, file transfers or Web-Browsing sessions for detailed analysis and evidentiary purposes
- Understand and recognize potential network security infrastructure misconfigurations
Format: 5 days Classroom Instruction
Start/End Times: 09:00-18:00
Recommended Class Size: 6-16