IT Security Training: Network Forensics Analysis


Course Delivery

Live Instructor-Led Training

Course Description

The course Network Forensics Analysis (IT Security Training) explores the complexities of gathering digital evidence over a network. The training starts with a general discussion of evidence types and related evidence gathering techniques. This is followed by a detailed exploration of the fundamental tools of the digital forensics trade including the Squid proxy server, common packet analysis tools including tcpdump, Wireshark and NetFlow. The course includes a detailed study of application level protocols and services, firewalls, intrusion detection systems (IDS) and network security managers. The training concludes with an exploration of centralized logging, the Elastic Stack, wireless network considerations, encryption and SSL inspection.

Course Dates and Pricing


Nov 12 - 15, 2024$3,500.00

Course Outline

Network Fundamentals (Only if necessary)

The OSI Reference Model and Packet Structure
Essential IP Concepts: IP Addresses and Subnets
Obtaining an IP Address: Static and Dynamic Addressing
Essential IP Concepts: Transport Protocols (TCP and UDP)
IP Behavior: Understanding Sockets, Ports and Application Protocols
Understanding Routers and Layer 3 Switches
Working with and Understanding VLANs
Exploring VOIP Technologies

Introduction to Forensic Network Analysis

What is Forensic Analysis
What is valid Evidence?
Overview of Digital Forensic Analysis
More about Network Evidence Acquisition
Core Types of Network Evidence: Full Packet, Logs and NetFlow
The Importance of Data Integrity: Why SPAN ports are not sufficient
Exploring Capture Devices: NetFlow, Switches, TAPs and Layer 7 Devices

The Fundamental Tools of the Trade: The Squid

Understanding the Requirements of Forensic Analysis
Designing our Network for Forensic Analysis
The role of the Caching Proxy Server
Configuring the Squid Proxy Server
Configuring Logging in Squid
Configuring Squid Log Analysis Software
Configuring and Working with Cache Extraction

The Fundamental Tools of the Trade: Packet Analysis

Understanding Network Packet Structure
Setting up tcpdump
Exploring tcpdump options
Limiting Data Captured with tcpdump
Searching Trace results with grep
Installing the latest Version of Wireshark
Setting up Filters in Wireshark
Using Wireshark to Inspect Packets
Packet Capture Tips and Tricks

Key Application Level Protocols: HTTP

Exploring HTTP based Communications
Reviewing the HTTP Specification
Understanding HTTP Behavior in a Routed Scenario
Understanding HTTP Header Structure and Key Fields
Analyzing HTTP Request and HTTP Response
Extracting Artifacts
Implementing Logging
Applying Forensic Methodology to HTTP
Exploring and Analyzing FTP Traffic

Key Application Level Protocols: DNS

How DNS Servers Operate
Reviewing Common DNS Operations: Name Resolution, Zone Transfers and More
How Tunneling Works
Exploring Fast Flux and DGAs
Implementing Logging
Common uses of DNS in Attack Strategies
Exploring Amplification Attacks

Firewalls, Intrusion Detection Systems and Network Security Monitoring

The Role of Firewalls and Intrusion Detection Systems
The Role of Network Security Monitoring
Implementing Firewall Rules: Windows, Linux and Cisco
Exploring NAT and Masquerade
Implementing Firewall Logging
Implementing Intrusion Detection Systems
Implementing Network Security Monitoring
Exploring Bro NSM Features and Functionality
Implementing Bro NSM

Implementing Centralized Logging

Exploring the syslog Specification
Exploring Event Format
Implementing a syslog Central Server
Making use of rsyslog and other Tools
Exploring Microsoft Eventing
Exploring Log Aggregation: Benefits and Vulnerabilities
Implementing a Log Aggregation Solution

Working with Elastic Stack

What is the Elastic Stack?
The Specific Roles of Elastisearch, Logstash and Kibana
About the Elastic Stack and Log Aggregation
Installing an Elastisearch Server
Installing and Configuring Logstash
Using Kibana for Powerful Visualizations

NetFlow and Traffic Analysis

Exploring NetFlow Architecture, Components and Protocols
Configuring NetFlow on Cisco Routers
Examining Traffic using NetFlow
Using NetFlow for Encrypted Traffic
Using NetFlow for Linux Traffic: NFS, SSH and Apache
Using NetFlow with Microsoft Protocols: Exchange, Outlook, SMB and IIS

Modern Communications: Wireless Networks

Understanding Wireless Communication and Authentication
Exploring Authentication: WEP vs WPA
Hardware and Software Based Packet Capture
Exploring Useful Protocol Fields
Using Hardware: PineApple WIFI Device
Using Software: aircrack-ng and Airventroliquist
Working with Moloch
Working with NetworkMiner

The Magic of SSL

Exploring Encryption Algorithms: Symmetric vs Asymmetric
More on Asymmetric Encryption: AES and RSA
Exploring a Typical HTTPS Session
Profiling SSL Sessions
Exploring Perfect Forward Secrecy and its Requirements
The Mechanics of a Man In The Middle (MITM) Attack
Preforming Network Protocol Reverse Engineering Attacks

Putting it All Together


Course Locations

  • Ottawa

  • Montreal

  • Toronto

Related IT Security Training

IT Security Training: Essential Concepts

The course Essential Concepts (IT Security Training) introduces the art and science of IT security. The training begins with an overview of IT security management and its various disciplines. The course then discusses threat types & the complete Plan, Detect, Respond and Protect lifecycle. The training includes the use of firewalls, anti-virus, information security policies, user management, network management & more. If you to create, publish, implement and maintain a corporate Information Security Policy, this is the course for you. Training course titled IT Security Training: Essential Concepts that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,750.00

IT Security Training: Offensive & Defensive Hack Proofing

The course Offensive & Defensive Hack Proofing (IT Security Training) is an introduction to white hat hacking. The course teaches you how to perform every stage of the hacking process so that you may protect your environment. The training includes tools for information gathering & target scoping, target discover & enumeration, vulnerability mapping & social engineering. You are taught how to use the Metasploit Framework to perform target identification & exploitation so that you may stop it from happening to you. The progressive & hands-on practical lab allow you to execute a hack from initial identification to privilege escalation & maintenance. Stop hackers in their tracks today! Training course titled IT Security Training: Offensive & Defensive Hack Proofing that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,350.00

IT Security Training: The Definitive Boot Camp

The course The Definitive Boot Camp (IT Security Training) provides an introduction to the complex world of IT security. Corporate IT systems are more at risk today than they have ever been. The availability of information and the increased appetite for information and data requires organizations to expose their systems more and more to the vagaries of public consumption. This level of access means that an increasing number of people can compromise corporate data and IT infrastructure. Therefore, it is more important than ever for all employees to have a good understanding of the concepts and technologies that allow enforcement of the organization’s security policy. Why take the risk? Familiarize yourself and your staff with the many IT security concepts and technologies that protect you every day. Training course titled IT Security Training: The Definitive Boot Camp that will allow you to hone your professional skills.

Oct 28 - 29, 2024$1,500.00Nov 25 - 26, 2024$1,500.00

Server 2019 Training: Mastering Active Directory

The course Mastering Active Directory (Server 2019 Training) explores the design & implementation of Domains & Forests using Active Directory Domain Services with Windows Server 2019. The training includes active directory installation & configuration, domain & forest design & implementation as well as the creation & maintenance of Active Directory users & security groups. The course covers Active Directory schemas & fields, RODCs, global catalog servers, Active Directory replication, GPOs & GPO templates, Nano Servers, Server Virtualization and more. Training course titled Server 2019 Training: Mastering Active Directory that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,750.00

.NET Training: Building Secure Applications

The course Building Secure Applications (.NET Training) teaches you build secure code which is resistant to hacker attacks. As applications become a more an more important part of our professional lives, security vulnerabilities become a key liability. The training includes encryption & message digests, code access security, authentication, session management, authorization and role based security. The course concludes with a study of symmetric % asymmetric encryption together with common hacks and security vulnerabilities such as SQL Injection, XSS scripting & session hijacking to name a few. Training course titled .NET Training: Building Secure Applications that will allow you to hone your professional skills.

Oct 23 - 25, 2024$3,350.00Nov 20 - 22, 2024$3,350.00

Cisco Training: Mastering Network Security

The course Mastering Network Security (Cisco Training) delves into the details of Cisco network security. Every aspect of the security policy implementation is covered, starting with basic protocol considerations to the use of firewalls, IPS and IPv6. The training includes ACLs, tunneling and routing protocols. Training course titled Cisco Training: Mastering Network Security that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,750.00

Cybersecurity Training: Protecting your Digital Identity

Protect Yourself! Cybercrime and data breaches are growing by double digit percentages every year. Sophisticated attackers use ransomware, malware, brute force attacks, spear-phishing, social engineering and more to steal your money, your reputation and your identity. This 1 day online event will help you understand how cyber-criminals do what they do. You will learn about simple & effective techniques that will help you protect yourself in the digital jungle. Training course titled Cybersecurity Training: Protecting your Digital Identity that will allow you to hone your professional skills.

Oct 28 - 28, 2024$850.00Nov 25 - 25, 2024$850.00

IT Security Training: Advanced Hacking and Intrusion Detection

The course Advanced Hacking and Intrusion Detection (IT Security Training) explores advanced hacking from an offensive security perpsective. The course covers hacking with Metasploit and discussed common attack techniques including SQL Injection, Cross-Site Scripting, Phishing, Spoofing & more. The training also discusses how to plan & implement an Intrusion Detection System together with the design & implementation of related IT security processes including Incident, Problem, Event and IT Security management. Training course titled IT Security Training: Advanced Hacking and Intrusion Detection that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,350.00

IT Security Training: An Introduction to Penetration Testing

The course An Introduction to Penetration Testing (IT Security Training) is an introduction to white hat hacking. The course teaches you how to perform every stage of the hacking process so that you may protect your environment. The training includes tools for information gathering & target scoping, target discover & enumeration, vulnerability mapping & social engineering. You are taught how to use the Metasploit Framework to perform target identification & exploitation so that you may stop it from happening to you. Training course titled IT Security Training: An Introduction to Penetration Testing that will allow you to hone your professional skills.

Oct 16 - 18, 2024$3,350.00Nov 13 - 15, 2024$3,350.00

IT Security Training: Cyber Threat Intelligence

The training course Cyber Threat Intelligence (IT Security Training) is a complete exploration of the principles and application of implementing a Cyber Threat Intelligence program within your organization. Starting with the anatomy of an attack and the indications of compromise, the course explores the cyber kill chain together with the cyber intelligence cycle, data collection and analysis as well as threat analysis and the use of networks and partners. Training course titled IT Security Training: Cyber Threat Intelligence that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,350.00

IT Security Training: Cybersecurity Essentials

The course Cybersecurity Essentials (IT Security) is a full lifecycle exploration of corporate IT Security. The training starts with a review of key networking concepts including IP addressing, switches, routers, VLANs, VOIP and concludes with a comprehensive study of cybersecurity concepts such as information assurance, cryptography, authentication and legal and regulatory considerations. The course then leverages theses foundation concepts to explore the practical aspects of securing routers, switches and computers that run Windows and Linux. The training also covers intrusion detection systems (IDS) and essential policies and procedures that support IT security in an organization. The course course concludes with a detailed study of hacker attacks, including attack methods, the attack vector, incident handling and mitigation techniques. Training course titled IT Security Training: Cybersecurity Essentials that will allow you to hone your professional skills.

Nov 12 - 15, 2024$3,500.00

IT Security Training: Inspecting Networks with SNORT

The course Inspecting Networks with SNORT (IT Security Training) is a complete exploration of SNORT from installation and configuration to the development of complex rules for malicious data extraction and network intrusion detection. The training starts with an overview of the theoretical foundations of network data analysis with SNORT. This is followed by a detailed investigation of working with SNORT pre-processors to analyze traffic and detect malicious attacks. The training course also discusses the use of filters and events and the writing of SNORT rules for payload detection, non-payload detection and post detection processing. The training ends with a discussion of best practices and challenges in writing rules and the use of the AppId pre-processor for user created application detectors. Wow! This is quite the jam packet IT security course. Training course titled IT Security Training: Inspecting Networks with SNORT that will allow you to hone your professional skills.

Nov 12 - 15, 2024$3,500.00

IT Security Training: Professional Threat and Risk Assessment

The course Professional Threat and Risk Assessment (IT Security Training) is a comprehensive study of the threat and risk assessment lifecycle. Starting with the basic principles of risk management, the course explores the business of risk assessment and its complete lifecycle. The training includes risk profiling, formulating a risk, risk exposure factors as well as risk evaluation, mitigation and assessment. The training concludes with an exploration of security Controls and Services as well techniques for threat and vulnerability management. Defuse the ticking time bomb of risk in your projects by learning concrete techniques for risk assessment and process definition with this exciting and hands-on workshop. Training course titled IT Security Training: Professional Threat and Risk Assessment that will allow you to hone your professional skills.

Nov 5 - 8, 2024$3,350.00

IT Security Training: Securing Web Applications

This IT security training course provides participants with a complete exploration of web application security. Participants are first introduced to the essential concepts of open-source intelligence and social engineering while they begin to understand the hacker mindset. This is followed by a complete dissection of the infrastructure that supports web application operations. The training then digs into the details of the OWASP top 10 while they are taught how to perform complex web attacks such as SQL injection, cross site scripting, verb tempering, XXE attacks and more. Finally, participants are shown how to analyse JavaScript and how to write secure code in support of corporate applications. The course ends with a multifaceted discussion on security configuration and monitoring an enterprise environment including Lenox and active directory security. Training course titled IT Security Training: Securing Web Applications that will allow you to hone your professional skills.

Oct 22 - 25, 2024$3,350.00Nov 19 - 22, 2024$3,350.00

IT Security Training: Windows Forensics from A to Z

The course Windows Forensic Forensics Analysis (IT Security Training) explores the complexities of gathering digital evidence on everything Windows. The training starts with a general discussion of evidence types and related evidence gathering techniques. This is followed by a detailed exploration of love response and the collection of both volatile and non-volatile data on the Windows platform. The training course covers the analysis of Windows memory, the FAT and NTFS file systems and various Windows artefacts including web browsers, event logs, page files and more. Training course titled IT Security Training: Windows Forensics from A to Z that will allow you to hone your professional skills.

Oct 22 - 25, 2024$3,500.00Nov 19 - 22, 2024$3,500.00

Java Training: The Complete Security Workshop

The course The Complete Security Workshop (Java Training) is essential for any developer who is working on front-end web applications or working on the security infrastructure of JEE applications. The course content aims to demystify Java SE and EE security at all levels. Starting with an overview of threats and risks, the student is guided in a hands-on exploration of JAAS (Java Authentication and Authorization services), followed by creating custom security providers and best practices. Training course titled Java Training: The Complete Security Workshop that will allow you to hone your professional skills.

Nov 12 - 15, 2024$3,750.00

Linux Training: Security & Hacking Complete Course

The course Security & Hacking Complete Course (Linux Training) focuses on Linux security and hacking. Beginning with a Linux security deep-dive, the course discusses the anatomy of a hacker attack on Linux. Every part of the Linux OS is included in the discussion including the kernel, networking components, databases, web servers & more. Training course titled Linux Training: Security & Hacking Complete Course that will allow you to hone your professional skills.

Nov 12 - 15, 2024$3,750.00

Server 2019 Training: Windows Advanced Active Directory

The course Windows Advanced Active Directory (Server 2019 Training) covers advanced Active Directory installation, configuration and maintenance. The training includes GPO, global catalog servers, service replication, sites, replication topology, PowerShell scripting & troubleshooting. If you need to know everything about the Active Directory, this is the course for you. Training course titled Server 2019 Training: Windows Advanced Active Directory that will allow you to hone your professional skills.

Oct 22 - 25, 2024$3,750.00Nov 19 - 22, 2024$3,750.00

Server 2019 Training: Windows Advanced Security

The course Windows Advanced Security (Server 2019 Training) is an exploration of Windows Server security. Beginning with a tour of threat types, the training includes a complete exploration of the Plan, Detect, Respond and Protect lifecycle with Windows Server. If you want to protect your Windows servers from malware and hacker attacks, this is the course for you. Training course titled Server 2019 Training: Windows Advanced Security that will allow you to hone your professional skills.

Oct 29 - Nov 1, 2024$3,750.00Nov 26 - 29, 2024$3,750.00