Introduction To Network Forensics
Creator: Jim Irving
License: Creative Commons: Attribution, Share-Alike
(http://creativecommons.org/licenses/by-sa/3.0/)
Class Prerequisites: None
Lab Requirements:
-Linux machine with access to the internet (it must be a machine you are permitted to capture traffic from!)
-Windows machine with Netwitness Investigator Free installed and registered
Recommended Class Duration: 1 day for lecture only, 2 days if labs are included
Creator Available to Teach In-Person Classes: Yes
Author Comments:
This is a mainly lecture-based class giving an introduction to common network monitoring and forensic techniques. The class is meant to be accompanied by lab exercises that demonstrate particular tools and technologies, but the lab exercises are not strictly necessary to convey the underlying concepts.
For the first section, the instructor-led lab will include:
-Using Wireshark to analyze a PCAP file, to develop skills with the tool and to identify interesting artifacts. This requires first creating or finding a PCAP file and analyzing it beforehand.
-Using Netwitness Investigator Free to analyze the same PCAP file, to become familiar with the interface and with the difference in analysis style.
-Using Snort to write packet filters.
-Using Argus to analyze a collection of netflow data.
For the second section, the instructor-led lab will include:
-Using Netwitness Investigator Free to analyze a PCAP file.
Revision History:
01-08-2013 - Added class map to the page to show relation to other classes
06-14-2011 - Initial class content upload
If you have used and modified this material, we would appreciate it if you submitted your modified version for publishing here, so that all versions can benefit from your changes.