C)NFE: Certified Network Forensics Examiner

Target group
- Digital and Network Forensics Examiners
- IS Managers
- Network Auditors
- IT Managers
Description
The Certified Network Forensics Examiner (C)NFE) certification was developed for a U.S. classified government agency. Its purpose is to push students with a digital and network forensic skill set to the next level. In this course you will navigate through 20+ modules of network forensic topics. The C)NFE provides practical experience through lab exercises that simulate real-world scenarios covering the investigation and recovery of data on a network. The C)NFE focuses on centralizing and investigating logging systems as well as network devices. Take your forensics career to the next level with Mile2's Network Forensics Engineer course.
Program
- Duration: 5 days
Module 1: Digital Evidence Concepts
- Overview
- Concepts in Digital Evidence
- Section Summary
- Summary module
Module 2: Network Evidence Challenges
- Overview
- Challenges Relating to Network Evidence
- Section Summary
- Summary module
Module 3: Network Forensics Investigative Methodology
- Overview
- OSCAR Methodology
- Section Summary
- Summary module
Module 4: Network-Based Evidence
- Overview
- Sources of Network-Based Evidence
- Section Summary
- Summary module
Module 5: Network Principles
- Background
- History
- Functionality
- Figures:
- FIGURE 5-1: The OSI Model Functionality
- FIGURE 5-2: OSI Model Encapsulation/De-encapsulation
- FIGURE 5-3: OSI Model Peer Layer Logical Channels
- FIGURE 5-4: OSI Model Data Names
- Section Summary
Module 6: Internet Protocol Suite
- Overview
- Internet Protocol Suite
- Section Summary
- Summary module
Module 7: Physical Interception
- Physical Interception
- Section Summary
- Summary module
Module 8: Traffic Acquisition Software
- Agenda
- Tools:
- Libpcap and WinPcap
- LIBPCAP
- WINPCAP
- BPF Language
- TCPDUMP
- WIRESHARK
- TSHARK
- Summaries section
- Summary module
Module 9: Live Acquisition
- Agenda
- Common Interfaces
- Inspection Without Access
- Strategy
- Summaries section
- Summary module
Module 10: Analysis
- Agenda
- Protocol Analysis
- Section 01: Protocol Analysis
- Section 02: Packet Analysis
- Section 03: Flow Analysis
- Section 04: Higher-Layer Traffic Analysis
- Summaries section
- Summary module
Module 11: Layer 2 Protocol
- Agenda
- The IEEE Layer 2 Protocol Series
- Section Summary
- Summary module
Module 12: Wireless Access Points
- Agenda
- Wireless Access Points (WAPs)
- Section Summary
- Summary module
Module 13: Wireless Capture Traffic and Analysis
- Agenda
- Wireless Traffic Capture and Analysis
- Section Summary
- Summary module
Module 14: Wireless Attacks
- Agenda
- Common Attacks
- Section Summary
- Summary module
Module 15: NIDS/Snort
- Agenda
- Investigating NIDS/NIPS and Functionality
- NIDS/NIPS Evidence Acquisition
- Comprehensive Packet Logging
- Snort
- Summaries section
- Summary module
Module 16: Centralized Logging and Syslog
- Agenda
- Sources of Logs
- Network Log Architecture
- Collecting and Analyzing Evidence
- Summaries section
- Summary module
Module 17: Investigating Network Devices
- Agenda
- Network Devices:
- Storage Media
- Switches
- Routers
- Firewalls
- Summaries section
Module 18: Web Proxies and Encryption
- Agenda
- Web Proxy Functionality
- Web Proxy Evidence
- Web Proxy Analysis
- Encrypted Web Traffic
- Summaries section
Module 19: Network Tunneling
- Agenda
- Tunneling Purposes:
- Functionality
- Confidentiality
- Covert Tunneling
- Summaries section
- Summary module
Module 20: Malware Forensics
- Trends in Malware Evolution
- Section Summary
- Summary module
Detailed Labs Outline
Modules 4, 5, and 6: Working with Captured Files
- Lab 1: Sniffing with Wireshark
- Lab 2: HTTP Protocol Analysis
- Lab 3: SMB Protocol Analysis
- Lab 4: SIP/RTP Protocol Analysis
- Lab 5: Protocol Layers
Modules 7, 8, 9, 10, and 11: Evidence Acquisition
- Lab 6: Analyzing the Capture of MacOf
- Lab 7: Manipulating STP Algorithm
- Lab 8: Active Evidence Acquisition
Modules 12, 13, and 14: Wireless Traffic Evidence Acquisition
- Lab 9: IEEE 802.11
Module 15: IDS/IPS Forensics
- Lab 10: Use Snort as Packet Sniffer
- Lab 11: Use Snort as Packet Logger
- Lab 12: Check Snort's IDS Abilities with Pre-Captured Attack Pattern Files
Modules 16 and 21: Network Forensics and Investigating Logs
- Lab 13: Syslog Lab
- Lab 14: Network Device Log
- Lab 15: Log Mysteries
Modules 17 and 18: SSL and Encryption
- Lab 16: Step-by-Step Trace Analysis
- Step 1: Open a Trace
- Step 2: Inspect the Trace
- The SSL Handshake:
- Hello Messages
- Certificate Messages
- Client Key Exchange and Change Cipher Messages
- Alert Message
- Lab 17: SSL and Friendly Man-in-the-Middle
Module 20: Malware Forensics
- Lab 18: Analyzing Malicious Portable Destructive Files
- Lab 19: Mobile Malware
Goal
Upon completion, Certified Network Forensics Examiner students will have the knowledge to perform network forensic examinations, be able to accurately report on their findings, and be ready to sit for the C)NFE exam.
Prerequisites
- 2 years of networking experience
- 2 years in IT security
- Working knowledge of TCP/IP
Price
- 3250 €
- Language: English
- Level: 350
- Certification body: Mile2
- Certification: Yes
- Accessibility: Yes
- Duration: 5 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).