• Online, Instructor-Led
  • Classroom
Course Description

Network Forensics and Investigation teaches the core skills of identifying and investigating potential breaches and other events from a network data perspective. Students will learn how to use common security frameworks and tools such as SIEMs, and packet/protocol analysis tools to respond to alerts, correlate data points from multiple sources, use security analytics to reconstruct event timelines, and extract artifacts for further analysis. Critical thinking skills and analytic methodologies are used as a foundation to achieve outcomes or reach conclusions with an appropriate level of confidence.

Learning Objectives

  • Define the purpose and function of common network security technologies
  • Apply cybersecurity frameworks to case studies and lab scenarios
  • Baseline the protocols, services, hosts, and activity in a network environment
  • Compare observed network traffic to expected topology
  • Correlate events and alerts to identify potential intrusions or incidents
  • Use security analytics to reconstruct events from multiple sources of data
  • Identify and extract network artifacts for further forensic analysis
  • Identify potential threat indicators from analysis of encrypted traffic flows

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.