Network Forensics – Advanced takes forensics specialists another step forward to help them master the tasks of capturing, recording and analyzing network events to discover the source of security incidents. Network investigators need to have advanced capabilities of accessing the deepest, most hidden places on the network and understanding how to extract data from there. The course is a drill-down to network protocols, intrusion detection on the network and advanced capabilities of log forensics.

The course is intended for participants with former background in network forensics, and preferably some experience in the field, who wish to advance and deepen their knowledge and capabilities. The primary target audience is:

  • Law enforcement officers & intelligence corps
  • Incident responders
  • Computer investigators
  • IT/network administrators
  • Cyber Forensics analysts
    • Background knowledge in network forensics.
    • CF201 provides a solid foundation of preliminary knowledge required for this course.

    40 Hours

    Cyber Security


    Certificate: No

    Price: contact us for more details

    Leave your details

    Course Outline


    During this course and upon completion, participants will be able to:

    • Understand networks on a deep level – how they function and how information is stored on them.
    • Monitor and analyze user and system activities on the network in order to recognize patterns of typical attacks.
    • Analyze abnormal activity patterns to detect signs of an intrusion.
    • Use advanced tools for intrusion detection.
    • Analyze log files and log data using available tools, and create their own tools for more advanced uses.


    Course Outline

    Module 1: Preparing Your Forensics Lab – 4 hours

    During this module, students will become familiar with the key tools for network forensics and will construct machines that will serve them during the course. The various tools and frameworks covered in this module are among the most advanced in the field, and are a crucial asset for every network forensics investigator.

    • Configuring forensics tools

      • Autopsy
      • Volatility
      • NirSoft
      • FTK imager
      • HxD
      • Bulk Extractor
      • Bro
      • Bro-Cut
      • Wireshark
      • TCPDump
    • Forensics common frameworks for investigation
      • DEFT
      • SIFT
      • Security Onion

    Module 2: Network Forensics – 16 hours

    During this module, participants will learn how to read packets of data, perform “file carving” and identify suspicious activity on the network. They will get an insight into how an attack on the network is carried out and how it can be identified. Later on, students will be tasked with constructing basic defensive tools that will raise alerts when the system is attacked.

    • Network-based firewalls
      • Packet filter
      • Proxy
      • Common IDS
    • Wireshark GUI and CLI
      • Acquaintance with Wireshark
      • Statistics
      • TCP stream
    • PCAP files manipulation
    • Packet structure and analysis
    • Internet traffic analysis
    • Network forensics investigation process
    • MiTM attack
      • Methods
      • Different uses
      • Common MiTM tools
    • Writing a professional forensics report