Overview What You Will Learn Curriculum Instructor

Course Overview

Network Forensic analysis is a sub-domain in the broad spectrum of digital forensics used for retrospective analysis of networks to find pieces of evidence left behind following a cyberattack. It analyses network traffic to gather the information that could connect security teams to the threat actor, find vulnerabilities exploited to enter the network, and so on. It is a hard task because of your huge amount of data and the large number of protocols and tools currently available.

In the current scenario, most incidents involve technological devices that are connected to a local or external network, and for criminals to be identified, it is essential you know or has people in your organization capable of interpreting the traces left at a crime scene virtually. The course begins with a hands-on approach to the network of the theory taught in many schools, with the instructor explaining RFCs using Wireshark. Further, you will learn open-source tools to analyze some network attacks, like Security Onion, Wazuh, and Arkami. Finally, you will learn how to detect a Cobalt Strike attack.

Network Forensics also involves proactive monitoring and analysis of network traffic for anomalous behavior, intrusion detection, incident response, and vulnerability management. With increasing network traffic and network systems complexity, the need for network forensics is expected to continue to grow significantly.

The course aims to offer some techniques and tools so that the members of a blue team can analyze cyber incidents by finding the evidence left on the network by the attackers. 

What You Will Learn

  • Learn different scan forms and how to detect it
  • Learn the fundamentals of network design
  • network forensics tools and best practice
  • and how to perform analysis on a variety of data
  • Get acquainted with the strategies to identify cobalt strike attacks using network forensics
  • Get hands on technologies to analyze a large amount of network data
  • Understand about Open-source tools to continuously monitor assets to collect network evidence

Program Curriculum

  • Demystifying the OSI Model with Wireshark
  • Analyzing IP and ICMP with Tcpdump
  • Analyzing ARP and DNS with Wireshark
  • Looking at TCP Sequence with Tcpdump and Tshark
  • Looking at UDP with Wireshark
  • Analyzing HTTP with Wireshark
  • $7 Million Cybersecurity Scholarship by EC-Council
  • Chapter 1 Quiz

  • Detecting Reconnaissance Attacks of Ping Sweeping
  • Detecting Nmap Scans with Wireshark
  • Detecting Man-in-the-middle with Wireshark
  • Detecting Brute-Force with Wireshark
  • Chapter 2 Quiz

  • Installation of Docker and sebp/elk
  • Ingesting FTP Logs Using Logstash
  • Detecting Attacks Against FTP Server Using Kibana
  • Upload and Analysis of evtx Logs Using ELK
  • Conclusion
  • Chapter 3 Quiz

Instructor

Nilson Sangy Jr

Nilson Sangy is an Expert in Digital Forensics for Brazilian Federal Police over the last two years. His experience has been in computer forensics, mobile, network forensics, for the last five years. In information security, Nilson have been since 2009, when he was a military for Brazilian Army, acting as Communications Sergeant and after as First Lieutenant of IT Staff Officer. Sangy is a specialist at artifacts like windows files, linux logs, IPS logs, firewall logs, EDR and some antivirus too. In this year, he was responsible for cases like data leaks, ransomware infections, malware analysis, phishing and other. The author is Certified EC-Council Instructor since 2016. He provides training for the following certifications: Certified Network Defender – CND, EC-Council Certified Incident Handler – ECIH and Computer Hacking Forensic Investigator – CHFI.

Join over 1 Million professionals from the most renowned Companies in the world!

certificate

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans
Annual Plans
Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

$ 499.00
Billed annually or $59.00 billed monthly
Get Started Now
Start your 7-day trial for $1

What is included

  • 700+ Premium Short Courses
  • 50+ Structured Learning Paths
  • Validation of Completion with all courses and learning paths
  • New Courses added every month
Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

$ 599.00
Billed annually or $69.00 billed monthly
Get Started Now
Start your 7-day trial for $1

Everything in Pro and

  • 800+ Practice Lab exercises with guided instructions
  • 150+ CTF Challenges with detailed walkthroughs
  • New Practice Labs and Challenges added every month
  • 3 Official EC-Council Essentials Certifications¹ (retails at $897!)
    Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

  • Hands-on FortiGate Firewall

    Hands-on FortiGate Firewall

    Short Course

    Hands-on FortiGate Firewall

    Security Architecture and Operations

    Learn how to deploy the FortiGate NGFW and how to configure t...

    $99.99

    Intermediate

    3 hr 0 m

  • Hands-on SELinux

    Hands-on SELinux

    Short Course

    Hands-on SELinux

    Security Architecture and Operations

    Learn SELinux Basics: Implement Security Policies, Troublesho...

    $49.99

    Beginner

    5 hr 28 m

  • Complete Bash Shell Scripting

    Complete Bash Shell Scripting

    Short Course

    Complete Bash Shell Scripting

    Security Architecture and Operations

    Automate repetitive tasks with Bash Shell Scripting to save v...

    $79.99

    Intermediate

    18 hr 10 m

  • Installing and Mitigating Linux Rootkits

    Installing and Mitigating Linux Rootkits

    Short Course

    Installing and Mitigating Linux Rootkits

    Security Architecture and Operations

    Understanding the threat posed by rootkits in Linux and poten...

    $59.99

    Advanced

    3 hr 0 m

  • Start Hacking and Making Money Today at HackerOne

    Start Hacking and Making Money Today at HackerOne

    Short Course

    Start Hacking and Making Money Today at HackerOne

    Security Architecture and Operations

    Hack Legally and Get Paid for Your Findings

    $59.99

    Beginner

    1 hr 9 m

  • PowerShell Scripting Essentials: Anatomy of Logging – Developing a Logging Module

    PowerShell Scripting Essentials: Anatomy of Logging – Developing a Logging Module

    Short Course

    PowerShell Scripting Essentials: Anatomy of Logging – Developi...

    Security Architecture and Operations

    How to write a PowerShell module that contains functions to d...

    $69.99

    Intermediate

    6 hr 1 m

  • Machine Learning for Application in Digital Forensics

    Machine Learning for Application in Digital Forensics

    Short Course

    Machine Learning for Application in Digital Forensics

    Security Architecture and Operations

    Unlocking the Potential of Machine Learning: From Theory to P...

    $99.99

    Intermediate

    4 hr 0 m

  • Applied Python Cryptography

    Applied Python Cryptography

    Short Course

    Applied Python Cryptography

    Security Architecture and Operations

    Securing your Python code and protecting your users private i...

    $79.99

    Intermediate

    4 hr 0 m

1 8