Overview
-
Get a comprehensive, but succinct, look at network forensics. Learn how to prepare for network forensics investigations, investigate network events, and examine network traffic.
Syllabus
-
Introduction
- Learning network forensics
- What you should know
- Goals of network forensics
- Tools
- Legal implications
- Current and future trends
- Anti-network forensics techniques
- Network forensics investigation hardware
- Network forensics investigation software
- Understanding computer networking
- Understanding networking devices
- Understanding network data sources
- Network logs
- Intrusion and security events
- Network logs as evidence
- Network logs and compliance
- Audit logs
- Firewall logs
- syslog
- syslog-ng
- Kiwi Syslog Server
- Microsoft Log Parser
- Fundamentals
- Network models
- Subnets, subnet ID, and subnet mask
- Protocol analysis
- ARP
- ARP poisoning
- DNS
- DNS poisoning
- tcpdump and WinDump
- tcpdump and WinDump hands-on
- Wireshark
- Wireshark hands-on
- HTTP proxies
- HTTP proxies hands-on
- Splunk
- Splunk hands-on
- Next steps
