NETWORK FORENSICS

Provided by

About the course

Who Should Attend?
IT Security Centre personnel, auditors, CERT members, network and system administrators.

Prerequisites

Basic knowledge of TCP/IP, networks, and the Linux and Windows operating systems.

Course Syllabus

The following topics will be covered in order to conduct incident analysis without referring to storage components such as hard disks and RAM. Another objective is to detect incidents and malicious network traffic exploiting incorrect configuration of network components.

• Foundations of traffic analysis
• Network packet capturing technologies: Hardware, software and tools
• Basic network protocols and components
• Network security component log analysis: Logs of firewalls, intrusion detection and prevention systems, etc.
• Analysis of network protocols (HTTP, SMTP, DNS etc.)
• Deep packet inspection
• Detection of malicious network traffic: “man-in-the-middle”, “DNS cache poisoning” and similar attacks
• Detection of network traffic tunnelling techniques: DNS, ICMP, SSH tunnelling etc.
• Analysis of encrypted network traffic: “SSL traffic listening” technique
• Reconstruction of network traffic to obtain original data
• Network flow analysis

Benefits

Attendees will be able to conduct network traffic analysis and to collect evidence without accessing storage components. They will also be able to detect malicious network traffic and security incidents deriving from components.
