Course Description
Building on Network Forensics and Investigation I, this course teaches students how to use advanced
tool features to uncover and investigate complex, multi-stage, and hard-to-detect intrusions. By
learning to identify statistical patterns, isolate events of interest, and accurately correlate or distinguish
between threads of activity, students will gain the skills needed to perform critical, real-time analysis in a
production environment. The course employs several traffic analysis tools including Wireshark, Network
Miner and RSA’s NetWitness Investigator alongside custom tools and scripts
Learning Objectives
Successful completion of this course will enable students to:
- Identify and analyze events at all stages of the attack lifecycle
- Apply threat intelligence feeds to focus monitoring investigation, and hunt activities
- Detect and investigate tunneling, botnet command & control traffic, and other forms of covert communications being utilized in a network
- Employ fingerprinting techniques to detect the use of encrypted traffic flows by malware or an active intruder
- Accurately correlate and reconstruct multiple stages of malicious activity in order to build a complete picture of the scope and impact of complex network intrusions