C)NFE: Certified Network Forensics Examiner
Target group
- Digital and Network Forensics Examiners
- IS Managers
- Network Auditors
- IT Managers
Description
The Certified Network Forensics Examiner, C)NFE, certification was developed for a U.S. classified government agency. It’s purpose is to push students with a digital and network forensic skill set to the next level. In this course you will navigate through 20+ modules of network forensic topics. The C)NFE provides practical experience through our lab exercises that simulate real-world scenarios covering investigation and recovery of data in network. The C)NFE focuses on centralizing and investigating logging systems as well as network devices. Take your forensics career to the next level with Mile2’s Network Forensics Engineer course.
Program
- Duration : 5 days
Module 1: Digital Evidence Concepts
- Overview
- Concepts in Digital Evidence
- Section Summary
- Module Summary
Module 2: Network Evidence Challenges
- Overview
- Challenges Relating to Network Evidence
- Section Summary
- Module Summary
Module 3: Network Forensics Investigative Methodology
- Overview
- OSCAR Methodology
- Section Summary
- Module Summary
Module 4: Network-Based Evidence
- Overview
- Sources of Network-Based Evidence
- Section Summary
- Module Summary
Module 5: Network Principles
- Background
- History
- Functionality
- Figures:
- FIGURE 5-1: The OSI Model Functionality
- FIGURE 5-2: OSI Model Encapsulation/De-encapsulation
- FIGURE 5-3: OSI Model Peer Layer Logical Channels
- FIGURE 5-4: OSI Model Data Names
- Section Summary
Module 6: Internet Protocol Suite
- Overview
- Internet Protocol Suite
- Section Summary
- Module Summary
Module 7: Physical Interception
- Physical Interception
- Section Summary
- Module Summary
Module 8: Traffic Acquisition Software
- Agenda
- Tools:
- Libpcap and WinPcap
- LIBPCAP
- WINPCAP
- BPF Language
- TCPDUMP
- WIRESHARK
- TSHARK
- Section Summaries
- Module Summary
Module 9: Live Acquisition
- Agenda
- Common Interfaces
- Inspection Without Access
- Strategy
- Section Summaries
- Module Summary
Module 10: Analysis
- Agenda
- Protocol Analysis
- Section 01: Protocol Analysis
- Section 02: Packet Analysis
- Section 03: Flow Analysis
- Section 04: Higher-Layer Traffic Analysis
- Section Summaries
- Module Summary
Module 11: Layer 2 Protocol
- Agenda
- The IEEE Layer 2 Protocol Series
- Section Summary
- Module Summary
Module 12: Wireless Access Points
- Agenda
- Wireless Access Points (WAPs)
- Section Summary
- Module Summary
Module 13: Wireless Capture Traffic and Analysis
- Agenda
- Wireless Traffic Capture and Analysis
- Section Summary
- Module Summary
Module 14: Wireless Attacks
- Agenda
- Common Attacks
- Section Summary
- Module Summary
Module 15: NIDS/Snort
- Agenda
- Investigating NIDS/NIPS and Functionality
- NIDS/NIPS Evidence Acquisition
- Comprehensive Packet Logging
- Snort
- Section Summaries
- Module Summary
Module 16: Centralized Logging and Syslog
- Agenda
- Sources of Logs
- Network Log Architecture
- Collecting and Analyzing Evidence
- Section Summaries
- Module Summary
Module 17: Investigating Network Devices
- Agenda
- Network Devices:
- Storage Media
- Switches
- Routers
- Firewalls
- Section Summaries
Module 18: Web Proxies and Encryption
- Agenda
- Web Proxy Functionality
- Web Proxy Evidence
- Web Proxy Analysis
- Encrypted Web Traffic
- Section Summaries
Module 19: Network Tunneling
- Agenda
- Tunneling Purposes:
- Functionality
- Confidentiality
- Covert Tunneling
- Section Summaries
- Module Summary
Module 20: Malware Forensics
- Trends in Malware Evolution
- Section Summary
- Module Summary
Detailed Labs Outline
Modules 4, 5, and 6: Working with Captured Files
- Lab 1: Sniffing with Wireshark
- Lab 2: HTTP Protocol Analysis
- Lab 3: SMB Protocol Analysis
- Lab 4: SIP/RTP Protocol Analysis
- Lab 5: Protocol Layers
Modules 7, 8, 9, 10, and 11: Evidence Acquisition
- Lab 6: Analyzing the Capture of MacOf
- Lab 7: Manipulating STP Algorithm
- Lab 8: Active Evidence Acquisition
Modules 12, 13, and 14: Wireless Traffic Evidence Acquisition
- Lab 9: IEEE 802.11
Module 15: IDS/IPS Forensics
- Lab 10: Use Snort as Packet Sniffer
- Lab 11: Use Snort as Packet Logger
- Lab 12: Check Snort’s IDS Abilities with Pre-Captured Attack Pattern Files
Modules 16 and 21: Network Forensics and Investigating Logs
- Lab 13: Syslog Lab
- Lab 14: Network Device Log
- Lab 15: Log Mysteries
Modules 17 and 18: SSL and Encryption
- Lab 16: Step-by-Step Trace Analysis
- Step 1: Open a Trace
- Step 2: Inspect the Trace
- The SSL Handshake:
- Hello Messages
- Certificate Messages
- Client Key Exchange and Change Cipher Messages
- Alert Message
- Lab 17: SSL and Friendly Man-in-the-Middle
Module 20: Malware Forensics
- Lab 18: Analyzing Malicious Portable Destructive Files
- Lab 19: Mobile Malware
Goal
Upon completion, Certified Network Forensics Examiner students will have knowledge to perform network forensic examinations. Be able to accurately report on their findings, and be ready to sit for the C)NFE exam.
Prerequisites
- 2 years networking experience
- 2 years in IT Secuirty – Working knowledge of TCPIP
- Langue : Anglais
- Niveau : Level 350
- Organisme de certification : Mile2
- Certification : Oui
- Accesibilité : Oui
- Durée : 5 Jours
