• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course was originally designed for a select U.S. Government Intelligence Agency. The C)NFE certification program will prepare students to exercise true advanced networking forensics techniques through the use of proprietary labs in Mile2's exclusive cyber range.

You should attend this course if you are:

  • A cybersecurity team member who needs to respond to intrusions, 'hacks' and incidents in your network.
  • A cybersecurity team member who is required to know how to examine, probe, trace, frisk, and interrogate your network(s) to find out how they were compromised.
  • An IT pro who wants to advance your network investigative and incident response handling policies, procedures and techniques.

This 5-day course retails for $3,500 and is delivered via classroom or live online.

Learning Objectives

Module 1 - Digital Evidence Concepts

Module 2 - Network Evidence Challenges

Module 3 - Network Forensics Investigative Methodology

Module 4 - Network-Based Evidence

Module 5 - Network Principles

Module 6 - Internet Protocol Suite

Module 7 - Physical Interception

Module 8 - Traffic Acquisition Software

Module 9 - Live Acquisition

Module 10 - Analysis

Module 11 - Layer 2 Protocol

Module 12 - Wireless Access Points

Module 13 - Wireless Capture Traffic and Analysis

Module 14 - Wireless Attacks

Module 15 - NIDS_Snort

Module 16 - Centralized Logging and Syslog

Module 17 - Investigating Network Devices

Module 18 - Web Proxies and Encryption

Module 19 - Network Tunneling

Module 20 - Malware Forensics

HANDS-ON LABORATORY EXERCISES

Lab 1 - Working with captured files

Exercise 1 - HTTP.pcap

Exercise 2 - SMB.pcap

Exercise 3 - SIP_RTP.pcap

Lab 2 - Layer 2 Attacks

Exercise 1 - Analyze the capture of macof.

Exercise 2 - Manipulating the STP root bridge election process

Lab 2 - Active Evidence Acquisition

Lab 3 - Preparing for Packet Inspection

Lab 4 - Analyzing Packet Captures

Exercise 2: Analyze TKIP and CCMP Frames starting from 4-Way Handshake process.

Lab 5 - Case Study: ABC Real Estate

Lab 6 - NIDS/NIPS

Exercise 1 - Use Snort as Packet Sniffer

Exercise 2 - Use Snort as a packet logger

Exercise 3 - Check Snort's IDS abilities with pre-captured attack pattern files

Lab 7 - Syslog Exercise

Lab 8 - Network Device Log

Lab 9 - SSL

Exercise 1 - Decrypting SSL Traffic by using a given Certificate Private Key

Exercise 2 - SSL and Friendly Man-in-the-middle

Framework Connections