The preponderance of network traffic, particularly web traffic, was an expected outcome of the pivotal role that the Internet has come to play in our daily lives. The sheer volume of traffic and complexity of protocols creates a very diverse and ever-changing landscape within which the network analyst must navigate. Network Forensics and Investigation teaches attendees to differentiate between normal and abnormal network traffic, track the flow of packets through a network, and attribute conversations and actions taken over a network segment to specific hosts or users.
This course focuses on research, filtering, and comparative analysis to identify and attribute the different types of activity on a network. Students will learn how to follow conversations across a wide range of protocols and through redirection and how to develop custom filters for non-dissected protocols.
Learning Objectives
- Create a baseline of the protocols, hosts, and interactions in a network environment
- Identify anomalous network traffic using a combination of in-depth packet analysis and higher-level statistical analysis
- Reconstruct event timelines and accurately correlate, or distinguish between event threads
- Identify and extract network artifacts for further forensic analysis
- Compare observed network traffic to expected topology
- Research and analyze unknown (non-dissected) protocols
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):