Certified Network Forensics Examiner

Duration:

5 Days

Audience:

Employees of federal, state and local governments; and businesses working with the government.

Course Description:

This course was originally designed for a select U.S. Government intelligence agency. The C)NFE certification program prepares students to apply advanced network forensics techniques through proprietary labs in Mile2’s exclusive cyber range.

You should attend this course if you are:

  • A cyber security team member who needs to respond to intrusions, ‘hacks’ and incidents in your network;
  • A cyber security team member who is required to know how to examine, probe, trace, frisk and interrogate your network(s) to find out how they were compromised; or
  • An IT professional who wants to advance their network investigative and incident response handling policies, procedures and techniques.

Course Outline

  • Module 1 – Digital Evidence Concepts
  • Module 2 – Network Evidence Challenges
  • Module 3 – Network Forensics Investigative Methodology
  • Module 4 – Network-Based Evidence
  • Module 5 – Network Principles
  • Module 6 – Internet Protocol Suite
  • Module 7 – Physical Interception
  • Module 8 – Traffic Acquisition Software
  • Module 9 – Live Acquisition
  • Module 10 – Analysis
  • Module 11 – Layer 2 Protocol
  • Module 12 – Wireless Access Points
  • Module 13 – Wireless Capture Traffic and Analysis
  • Module 14 – Wireless Attacks
  • Module 15 – NIDS (Snort)
  • Module 16 – Centralized Logging and Syslog
  • Module 17 – Investigating Network Devices
  • Module 18 – Web Proxies and Encryption
  • Module 19 – Network Tunneling
  • Module 20 – Malware Forensics

Labs

Lab 1 – Working with captured files

  • Exercise 1 – HTTP.pcap
  • Exercise 2 – SMB.pcap
  • Exercise 3 – SIP_RTP.pcap

Lab 2 – Layer 2 Attacks

  • Exercise 1 – Analyze the capture of macof
  • Exercise 2 – Manipulating the STP root bridge election process
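Lab 2, Exercise 1 asks for analysis of a macof capture. macof floods a switch with frames carrying random source MACs until the CAM table fills and the switch falls back to forwarding unicast traffic out every port, so the signature in a capture is an abrupt jump in the number of distinct source addresses per unit of time. The following Python is an added example, not course or Mile2 material: it runs on a constructed frame list (the tuples a pcap reader such as scapy or dpkt would yield), and the 100-addresses-per-second threshold is an assumption to tune for the segment under investigation.

```python
"""Spot CAM-table flooding (macof-style) in a list of Ethernet frames.

Added example, not course material. Input is a list of
(timestamp_seconds, src_mac, dst_mac) tuples; with a real pcap you would
fill it from scapy/dpkt. The sample data below is constructed.
"""
from collections import defaultdict
import random


def make_sample_frames(seed=1):
    """Constructed capture: ~5 s of chatter among five hosts, then a
    1.5 s macof burst in which every frame carries a fresh random MAC pair."""
    rng = random.Random(seed)
    hosts = ["00:11:22:33:44:%02x" % i for i in range(1, 6)]
    frames, t = [], 0.0
    for _ in range(200):                      # normal traffic, 40 frames/s
        t += 0.025
        frames.append((t, rng.choice(hosts), rng.choice(hosts)))
    for _ in range(3000):                     # flood, 2000 frames/s
        t += 0.0005
        src = ":".join("%02x" % rng.randrange(256) for _ in range(6))
        dst = ":".join("%02x" % rng.randrange(256) for _ in range(6))
        frames.append((t, src, dst))
    return frames


def window_stats(frames, window=1.0):
    """Per time window: (total frames, number of distinct source MACs)."""
    total = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, _dst in frames:
        w = int(ts // window)
        total[w] += 1
        sources[w].add(src)
    return {w: (total[w], len(sources[w])) for w in sorted(total)}


def flooding_windows(frames, window=1.0, threshold=100):
    """Windows whose distinct-source count exceeds the threshold.

    A healthy access segment sees tens of distinct MACs per second at most;
    macof produces thousands. 100/s is an assumed starting point, tune it
    to the segment under investigation.
    """
    return [w for w, (_n, uniq) in window_stats(frames, window).items()
            if uniq > threshold]


def first_flood_frame(frames, window=1.0, threshold=100):
    """Timestamp of the first frame in the first flooding window, i.e. where
    to start looking in the capture for the port the flood arrived on."""
    flagged = flooding_windows(frames, window, threshold)
    if not flagged:
        return None
    start = flagged[0] * window
    return min(ts for ts, _s, _d in frames if ts >= start)
```

Once the flooding window is located, the useful next step in the real capture is to look at the frames just before it: macof randomises the source address of every frame it sends, so the attacker's genuine MAC is usually only visible in the ARP or DHCP traffic that preceded the flood.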

Lab 2 – Active Evidence Acquisition
Lab 3 – Preparing for Packet Inspection
Lab 4 – Analyzing Packet Captures

  • Exercise 1 – Analyze TKIP and CCMP frames, starting from the 4-way handshake

Lab 5 – Case Study: ABC Real Estate
Lab 6 – NIDS/NIPS

  • Exercise 1 – Use Snort as a packet sniffer
  • Exercise 2 – Use Snort as a packet logger
  • Exercise 3 – Check Snort’s IDS abilities with pre-captured attack pattern files

Lab 7 – Syslog Exercise
Lab 8 – Network Device Log
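Labs 7 and 8 both come down to reading device logs that arrived over syslog, where the examiner first has to decode the `<PRI>` prefix (facility × 8 + severity) and then the vendor's own message head before any filtering is possible. The Python below is an added example, not course material: it parses constructed RFC 3164-style lines whose message body follows the Cisco IOS `%FACILITY-SEVERITY-MNEMONIC:` layout, and pulls out the events an investigator looks at first (anything at warning or worse, plus an assumed watch list of mnemonics such as configuration changes and failed logins). Real exports vary by vendor and collector, so the regular expressions are an assumption to adapt.

```python
"""Parse syslog lines collected from network devices and pull out the
events a network forensic examiner looks at first.

Added example, not course material. The lines below are constructed and
use the RFC 3164 layout <PRI>TIMESTAMP HOST MSG, with the MSG in Cisco
IOS style (sequence number, then %FACILITY-SEVERITY-MNEMONIC: text).
Real exports differ by vendor and collector, so the patterns are an
assumption to adapt.
"""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info",
              "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$")
# IOS message head: optional "seq: " then %FAC-SEV-MNEMONIC: text
CISCO_RE = re.compile(
    r"^(?:\d+: )?%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

# Mnemonics worth a look regardless of severity: config changes, failed
# logins, reloads, logging being turned off. Assumed watch list.
WATCH = {"SYS-5-CONFIG_I", "SEC_LOGIN-4-LOGIN_FAILED", "SYS-5-RELOAD",
         "SYS-6-LOGGINGHOST_STARTSTOP", "PARSER-5-CFGLOG_LOGGEDCMD"}

SAMPLE_LINES = [  # constructed
    "<189>Mar  1 18:46:11 core-sw1 46: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)",
    "<188>Mar  1 18:46:40 core-sw1 47: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.0.77] [localport: 22] [Reason: Login Authentication Failed]",
    "<189>Mar  1 18:47:02 edge-fw1 48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<190>Mar  1 18:47:05 core-sw1 49: %SYS-6-LOGOUT: User admin has exited tty session 1(10.0.0.5)",
    "<38>Mar  1 18:47:09 logsrv sshd[2211]: Accepted publickey for backup from 10.0.0.9 port 51234 ssh2",
    "this line is not syslog at all",
]


def parse_line(line):
    """Return a dict for one RFC 3164 line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:                     # max facility 23, severity 7
        return None
    rec = {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
           "severity_num": pri % 8, "timestamp": m["ts"], "host": m["host"],
           "mnemonic": None, "text": m["msg"]}
    c = CISCO_RE.match(m["msg"])
    if c:
        rec["mnemonic"] = f"{c['fac']}-{c['sev']}-{c['mnem']}"
        rec["text"] = c["text"]
    return rec


def events_of_interest(lines, max_severity=4):
    """Split lines into (hits, unparsed). A hit is anything at warning or
    worse, or any watched mnemonic. Unparsed lines are returned rather than
    dropped: in an investigation a line the parser cannot read is itself
    a finding, not noise."""
    hits, unparsed = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif rec["severity_num"] <= max_severity or rec["mnemonic"] in WATCH:
            hits.append(rec)
    return hits, unparsed
```

Two details matter for evidence handling: the timestamp in an RFC 3164 line carries no year and no time zone, so it must be tied to the collector's own receive time, and the severity encoded in `<PRI>` is the sender's opinion (CONFIG_I is only a notice), which is why a watch list of mnemonics is needed in addition to a severity cut-off.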
Lab 9 – SSL

  • Exercise 1 – Decrypting SSL traffic using a given certificate’s private key
  • Exercise 2 – SSL and a friendly man-in-the-middle
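Lab 9 turns on a point worth stating up front: a captured TLS session can be decrypted with the server's certificate private key only if the session negotiated an RSA key exchange, where the client encrypts the pre-master secret to that key. With (EC)DHE suites, and with all of TLS 1.3, the session keys come from an ephemeral Diffie-Hellman exchange and the server's key alone recovers nothing, which is why Exercise 2 uses a friendly man-in-the-middle (or, on a host you control, the session keys exported via an SSLKEYLOGFILE) instead. The Python below is an added example, not course material: it reads the negotiated cipher suite out of a ServerHello record and reports whether the Exercise 1 approach can work at all. The ServerHello records are constructed by hand and minimal (no extensions); the suite table covers only a handful of IANA numbers.

```python
"""Can this TLS session be decrypted with the server's RSA private key?

Added example, not course material. Reads the cipher suite negotiated in
the ServerHello; only RSA key-exchange suites can be decrypted with the
server key alone. The records used here are built by build_server_hello(),
a minimal constructed ServerHello without extensions.
"""
import struct

# Cipher suites this example knows about (IANA numbers) and their key
# exchange. TLS 1.3 keeps legacy_version 0x0303 in the ServerHello body and
# is recognised by its 0x13xx suites.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),
    0x1302: ("TLS_AES_256_GCM_SHA384", "TLS1.3"),
}


def build_server_hello(suite, version=0x0303, server_random=bytes(32),
                       session_id=b""):
    """Test-data helper: one TLS record carrying a minimal ServerHello."""
    body = (struct.pack(">H", version) + server_random
            + bytes([len(session_id)]) + session_id
            + struct.pack(">H", suite) + b"\x00")          # null compression
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body  # type 2
    return b"\x16" + struct.pack(">HH", version, len(handshake)) + handshake


def parse_server_hello(record):
    """Return (version, cipher_suite) from a TLS record holding a ServerHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 35:                     # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    version = struct.unpack(">H", body[0:2])[0]
    off = 35 + body[34]                    # skip the variable-length session id
    if len(body) < off + 3:                # suite(2) + compression(1)
        raise ValueError("truncated ServerHello")
    suite = struct.unpack(">H", body[off:off + 2])[0]
    return version, suite


def decryptable_with_server_key(record):
    """(True, suite_name) only for RSA key-exchange suites. ECDHE and
    TLS 1.3 sessions need the session keys (SSLKEYLOGFILE) or a friendly
    man-in-the-middle instead; unknown suites are reported, not guessed."""
    _version, suite = parse_server_hello(record)
    name, kx = SUITES.get(suite, ("unknown_0x%04x" % suite, "unknown"))
    return kx == "RSA", name
```

Wireshark applies the same rule: an RSA private key loaded under the TLS protocol preferences decrypts sessions that negotiated an RSA key-exchange suite and nothing else, so checking the ServerHello first saves time before a key is even requested from the system owner.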