1,600

NX213 – Network Forensics

Valid for 6 months

*Typical completion, beginning to end: 6-9 months, when studying regularly

Network Forensics

Deep-dive network traffic analysis

A foundational course that introduces learners to the fundamental concepts of cybersecurity, digital networking, and the security landscape.

Series

NX Defense

Program Code

NX213

Duration

Self-Paced*

What Our Clients Say

“Over 1000 of our students have been trained using ThinkCyber's Products and Services. The hands-on experience they gain from using the Cyberium Arena Simulator and Specto is invaluable and has been instrumental in their career progression”

— John Bryce Training Center, Israel

“The training was crucial, providing my team with a wealth of knowledge through hands-on experiences. This is why, throughout June 2023, we will be welcoming SOC analysts from across the nation to participate in the CACC (CERT-IL Advanced Cyber Training). This training, facilitated by ThinkCyber and utilizing the Cyberium simulator, will provide invaluable experience and knowledge upgrades.”

— Homeland Security

“Our students are getting excellent positions such as SOC Analysts, Network Security Engineers, Forensics and Penetration Testers thanks to the applicable and relevant hands-on cybersecurity skills they've acquired through ThinkCyber's solutions.”

— James Lim, CEO of Centre for Cybersecurity Institute, Singapore

“Exceptional course! I've attended numerous programs, but this outshines them all in every conceivable way: the comprehensive content, the expert guidance, the practical exercises, and the seamless organization of the entire course.”

— Defense Forces

Description

Network Forensics offers a deep dive into network analysis and intrusion detection. Participants will master packet analysis with tools like Wireshark, explore the network analysis framework Zeek, and tackle real-world case investigations, from detecting network anomalies to MiTM attacks. The course concludes with a focus on mitigation strategies, emphasizing the configuration and operation of IPS and IDS systems like Sysmon and Snort.

Program Recognition & Impact

This foundational program has been a cornerstone of cybersecurity training worldwide:

  • Trusted by military and law enforcement agencies for entry-level cyber training

  • Adopted by homeland security organizations for foundational cyber education

  • Used extensively in universities and corporations across multiple countries

  • Proven track record with over [X] professionals trained globally

Real-World Training Environment

From day one, you'll work in our Cyberium Arena simulator:

   

  • Hands-on practice with real networking tools

  • Safe environment to explore cybersecurity concepts

  • Industry-standard command line interfaces

  • Actual network monitoring and analysis tools

 

* Advanced threat scenarios with Specto-AI become available from Level-2 onwards

What You Will Learn

Network Forensics
  • Delve into the core of networking with an in-depth exploration of network protocols and packet structures. Master advanced tools and techniques, from Wireshark and TShark analysis to GeoIP integration and Scapy module applications. Enhance your skills in intrusion detection, packet crafting, and working with IPv6.

    • Networking

    • Network Protocols

    • Packet Structure

    • Netstat and ProcMon

    • Sysinternals

    • Intrusion Detection Methods

    • Wireshark Advanced: Network Attacks

    • TShark Analysis

    • GeoIP Integration

    • Using the Scapy Module

    • Crafting and Analyzing Packets

    • Working with IPv6
       

  • Dive into the world of Zeek, a dynamic network analysis framework. Master the art of automating processes, monitoring data into logs, and utilizing Zeek-Cut parsing. Enhance investigative skills by replaying packets and crafting detailed timelines.

    • Zeek

    • Output Logs

    • Automating Process

    • Monitoring Data into Logs

    • Zeek-Cut Parsing

    • Replaying Packets for Investigating

    • Creating a Timeline
       

  • Embark on a comprehensive journey through network investigations, from understanding the MiTM attack and identifying network anomalies to mastering flow analysis. Delve into tools like NetworkMiner and file carvers, and navigate the intricacies of Wi-Fi, from capturing wireless traffic to managing network access modes.

    • Investigation Process

    • MiTM Attack

    • Find Network Anomalies 

    • Flow Analysis 

    • Network File Carving

    • NetworkMiner

    • File Carvers

    • Capturing Wireless Traffic

    • Gaining Access Through Wi-Fi

    • HTTPS Traffic 
       

  • Deepen your understanding of network security with IPS and IDS systems, focusing on their operation and configuration. Dive into the world of Sysmon, from installation to capturing network events. Enhance your expertise with tools like Snort, a cornerstone in intrusion detection.

    • IPS and IDS

    • Sysmon

    • Installing and Configuring Sysmon

    • Network Events

    • IDS/IPS Operation Process

    • IDS/IPS Configuration

    • Snort
       
