Network Forensics

Develop the skills to investigate cybercrimes, from identifying threats to recovering evidence.

(NET-FORENSIC.AW1) / ISBN : 978-1-64459-610-4
Lessons
Lab
TestPrep
AI Tutor (Add-on)
Get A Free Trial

About This Course

This network forensics course will equip you with the skills and tools to become a top-tier cybersecurity professional.You’ll learn to decode digital mysteries, dissect suspicious traffic, uncover covert channels, and analyze cyberattacks like ransomware and protocol misuse. Mastering tools like Wireshark, Splunk, and MitmProxy while unraveling threats from email servers to exploit kits will become interactive! You’ll gain sharp skills in log analysis, packet inspection, malware tracking, and more – all thanks to our risk-free hands-on labs. So, if cybercrime leaves a trail, you’ll be the one following it – straight to the source.

Skills You’ll Get

  • Analyze network traffic and packet structures for suspicious activities. 
  • Investigate cyberattacks, including ransomware, DDoS, and web server attacks. 
  • Decrypt SSL/TLS communication to detect hidden threats. 
  • Identify covert communication channels and misuse of DNS protocols. 
  • Examine logs from SSh, proxy servers, and email authentication for anomalies. 
  • Detect wireless attacks and monitor radio frequencies. 
  • Simulate network environments to study exploit kits and malicious payloads. 
  • Track malware activities through reverse engineering and memory forensics. 
  • Automate forensic tasks like IP reputation analysis and protocol dissection with tools like Lua. 
  • Utilize forensic tools such as Wireshark, Splunk, and MitmProxy for in-depth investigations. 
  • Identify and remove ransomware and capture decryption keys. 
  • Explore command-and-control systems to uncover attackers' methods. 
  • Develop proactive network defense strategies using forensic insights.

1

Introduction

2

Foundations of Network Forensics

  • Introduction
  • Structure
  • Objectives
  • Types of network forensics
  • Setting up the environment for analysis
  • Case study: Suspicious Web Server
  • Conclusion
  • Long questions
3

Protocols and Deep Packet Analysis

  • Introduction
  • Structure
  • The OSI model
  • The TCP/IP model
  • The Packet structure
  • Case study: Curious case of protocol misuse
  • Deep Packet Inspection
  • Case study: Investigating Distributed Denial of service attacks
  • Conclusion
  • Long questions
4

Flow Analysis versus Packet Analysis

  • Introduction
  • Structure
  • Statistical Flow analysis
  • Flow Record and FRP Systems
  • Uniflow and BitFlow
  • Types of Sensor deployment
  • Flow analysis
  • Conclusion
  • Long questions
5

Conducting Log Analysis

  • Introduction
  • Structure
  • Objectives
  • Investigating Remote Login attempts on SSH
  • Investigating Web Server Attacks with Splunk
  • Investigating Proxy Logs
  • Conclusion
  • Long questions
6

Wireless Forensics

  • Introduction
  • Structure
  • Objectives
  • Basics of Radio Frequency Monitoring
  • The 802.11 standard
  • Evidence types in wireless local area networking
  • Other wireless attacks and their analysis
  • Conclusion
  • Long questions
7

TLS Decryption and Visibility

  • Introduction
  • Structure
  • Objectives
  • Techniques to decrypt SSL/TLS communication
  • Examining SSL/TLS traffic using proxy
  • Conclusion
  • Long questions
8

Demystifying Covert Channels

  • Introduction
  • Structure
  • Objectives
  • Identifying covert communication using proxies
  • Using MitmProxy to decrypt Dropbox traffic
  • Using Dropbox API to gather attack details
  • Uncovering the attack pattern
  • Uncovering DNS misuse
  • Conclusion
  • Long questions
9

Analyzing Exploit Kits

  • Introduction
  • Structure
  • Objectives
  • How exploit kits work
  • Analysis of an exploit kit infection
  • Network forensics with Security Onion
  • Extracting malicious payload
  • Using Fakenet-Ng to simulate a network
  • Conclusion
  • Long questions
10

Automating Network Forensics

  • Introduction
  • Structure
  • Objectives
  • Parsing the Syslog format
  • IP reputation analysis
  • Writing dissectors for protocols in Lua
  • Conclusion
  • Long questions
11

Backtracking Malware

  • Introduction
  • Structure
  • Objectives
  • Investigating Cobalt Strike Encrypted traffic
  • Investigating TeamViewer and AnyDesk
  • Conclusion
  • Long questions
12

Investigating Ransomware Attacks

  • Introduction
  • Structure
  • Objectives
  • Analysis of WannaCry ransomware
  • Capturing ransomware keys for decryption
  • Analyzing GandCrab ransomware
  • Case Study: REVIL ransomware at a Bank
  • Conclusion
  • Long questions
13

Investigating Command and Control Systems

  • Introduction
  • Structure
  • Objectives
  • Investigating Metasploit Reverse Shell
  • Investigating Meterpreter Reverse Shell
  • Investigating Meterpreter Stageless Reverse Shell
  • Conclusion
  • Long questions
14

Investigating Attacks on Email Servers

  • Introduction
  • Objectives
  • Structure
  • Analysis of ProxyLogon attack
  • Investigating Email authentication logs
  • Conclusion
  • Long questions
15

Investigating Web Server Attacks

  • Introduction
  • Structure
  • Objectives
  • Web Server attack analysis
  • Conclusion
  • Long questions

1

Introduction

  • testing
2

Foundations of Network Forensics

  • Capturing Network Packets Using TCPDump
  • Performing Network Analysis Using Wireshark
3

Protocols and Deep Packet Analysis

  • Using tshark to Filter Data from a PCAP File
4

Flow Analysis versus Packet Analysis

  • Generating IPFIX from PCAP
  • Analyzing SiLK Flow Records
5

Conducting Log Analysis

  • Investigating SSH Logs
6

Wireless Forensics

7

TLS Decryption and Visibility

  • Capturing Browser Requests Using mitmproxy
8

Demystifying Covert Channels

  • Resolving IP Addresses for Network Analysis
  • Investigating DNS Misuse
9

Analyzing Exploit Kits

10

Automating Network Forensics

  • Performing IP Reputation Analysis
11

Backtracking Malware

  • Investing Cobalt Strike Encrypted traffic
  • Monitoring TeamViewer Sessions
  • Investigating AnyDesk Sessions
12

Investigating Ransomware Attacks

  • Analyzing the WannaCry Ransomware Attack
13

Investigating Command and Control Systems

  • Investigating the Metasploit Reverse Shell
14

Investigating Attacks on Email Servers

  • Investigating ProxyLogon Attack
15

Investigating Web Server Attacks

Any questions?
Check out the FAQs

Explore more on our Network Forensics online course.

Contact Us Now

Network forensics involves analyzing network traffic and logs to detect, investigate, and prevent cyberattacks.

This online network forensics course is ideal for 

  • IT professionals
  • Network Forensics Analyst
  • Cybersecurity Analyst
  • Digital Forensics Investigator
  • Incident Response Specialist
  • Security Operations Center (SOC) Analyst

And for anyone interested in the cybersecurity field

A basic understanding of computer networks and cybersecurity concepts is recommended.

In this online network forensics course, you will work with tools like Wireshark, Splunk, MitmProxy, Security Onion, Fakenet-Ng, and more.

Network forensics skills are in demand across many industries. This network forensics training will significantly boost your career by influencing your earning potential, building a case for promotions, and opening up networking opportunities for you.

Related Courses

All Course
scroll to top