Network Forensics

Get a comprehensive, but succinct, look at network forensics. Learn how to prepare for network forensics investigations, investigate network events, and examine network traffic.

Introduction

• Learning network forensics
• What you should know

1. Understanding Network Forensics

• Goals of network forensics
• Tools
• Legal implications
• Current and future trends
• Anti-network forensics techniques

2. Preparing for a Network Forensics Investigation

• Network forensics investigation hardware
• Network forensics investigation software
• Understanding computer networking
• Understanding networking devices
• Understanding network data sources

3. Investigating Network Events

• Network logs
• Intrusion and security events
• Network logs as evidence
• Network logs and compliance
• Audit logs
• Firewall logs
• syslog
• syslog-ng
• Kiwi Syslog Server
• Microsoft Log Parser

4. Investigating Network Traffic

• Fundamentals
• Network models
• Subnets, subnet ID, and subnet mask
• Protocol analysis
• ARP
• ARP poisoning
• DNS
• DNS poisoning

5. Network Forensics Tools

• tcpdump and WinDump
• tcpdump and WinDump hands-on
• Wireshark
• Wireshark hands-on
• HTTP proxies
• HTTP proxies hands-on
• Splunk
• Splunk hands-on

Conclusion

• Next steps