Introduction To Network Forensics



Creator: Jim Irving

License: Creative Commons: Attribution, Share-Alike


Lab Requirements:

- Linux machine with access to the internet (must be OK for capturing data from!)

- Windows machine with Netwitness Investigator Free installed and registered

Recommended Class Duration: 1 day for lecture only, 2 days if labs are included

Creator Available to Teach In-Person Classes: Yes

Author Comments:

This is a mainly lecture-based class giving an introduction to common network monitoring and forensic techniques. The class is meant to be accompanied by lab exercises that demonstrate certain tools and technologies, but the lab exercises are not absolutely necessary to convey the operating concepts.

For the first section, the instructor-led lab will include:

- Using Wireshark to analyze a PCAP file to develop skills with the tool and identify interesting artifacts. This requires first creating or finding a PCAP file and analyzing it beforehand.

- Using Netwitness Investigator Free to analyze the same PCAP file and better understand the interface and the difference in analysis style.

- Using Snort to write packet filters.

- Using Argus to analyze a collection of netflow data.

For the second section, the instructor-led lab will include:

- Using Netwitness Investigator Free to analyze a PCAP file.

Slides (102 slides)

Revision History:

01-08-2013 - Added class map to the page to show relation to other classes

06-14-2011 - Initial class content upload

If you have used and modified this material, we would appreciate it if you submitted your modified version for publishing here, so that all versions can benefit from your changes.