The Certified Network Forensics Examiner, C)NFE, certification was developed for a U.S. classified government agency. Its purpose is to push students with a digital and network forensic skill set to the next level. In this course you will navigate through 20+ modules of network forensic topics.
The C)NFE provides practical experience through our lab exercises, which simulate real-world scenarios covering the investigation and recovery of data on networks.
The C)NFE focuses on centralizing and investigating logging systems as well as network devices. Take your forensics career to the next level with Mile2's Network Forensics Engineer course.
Key takeaways
Upon completion you will have the knowledge to perform network forensic examinations and be able to report accurately on your findings.
By completing this course you will earn 40 CEUs.
Prerequisites
Suggested Prerequisites:
Target audience
Modules:
Hands-On Labs:
Detailed Outline:
Course Introduction
Module 1 - Digital Evidence Concepts
Overview
Concepts in Digital Evidence
Section Summary
Module Summary
Module 2 - Network Evidence Challenges
Overview
Challenges Relating to Network Evidence
Section Summary
Module Summary
Module 3 - Network Forensics Investigative Methodology
Overview
OSCAR Methodology
Section Summary
Module Summary
Module 4 - Network-Based Evidence
Overview
Sources of Network-Based Evidence
Section Summary
Module Summary
Module 5 - Network Principles
Background
History
Functionality
FIGURE 5-1 The OSI Model
Functionality
Encapsulation/De-encapsulation
FIGURE 5-2 OSI Model Encapsulation
Encapsulation/De-encapsulation
FIGURE 5-3 OSI Model peer layer logical channels
Encapsulation/De-encapsulation
FIGURE 5-4 OSI Model data names
Section Summary
Module Summary
Module 6 - Internet Protocol Suite
Overview
Internet Protocol Suite
Section Summary
Module Summary
Module 7 - Physical Interception
Physical Interception
Section Summary
Module Summary
Module 8 - Traffic Acquisition Software
Agenda
Libpcap and WinPcap
LIBPCAP
WINPCAP
Section Summary
BPF Language
Section Summary
TCPDUMP
Section Summary
WIRESHARK
Section Summary
TSHARK
Section Summary
Module Summary
Module 9 - Live Acquisition
Agenda
Common Interfaces
Section Summary
Inspection Without Access
Section Summary
Strategy
Section Summary
Module Summary
Module 10 - Analysis
Agenda
Protocol Analysis
Section Summary
Section 02
Packet Analysis
Section Summary
Section 03
Flow Analysis
Protocol Analysis
Section Summary
Section 04
Higher-Layer Traffic Analysis
Section Summary
Module Summary
Module 11 - Layer 2 Protocol
Agenda
The IEEE Layer 2 Protocol Series
Section Summary
Module Summary
Module 12 - Wireless Access Points
Agenda
Wireless Access Points (WAPs)
Section Summary
Module Summary
Module 13 - Wireless Capture Traffic and Analysis
Agenda
Wireless Traffic Capture and Analysis
Section Summary
Module Summary
Module 14 - Wireless Attacks
Agenda
Common Attacks
Section Summary
Module Summary
Module 15 - NIDS/Snort
Agenda
Investigating NIDS/NIPS and Functionality
Section Summary
NIDS/NIPS Evidence Acquisition
Section Summary
Comprehensive Packet Logging
Section Summary
Snort
Section Summary
Module Summary
Module 16 - Centralized Logging and Syslog
Agenda
Sources of Logs
Section Summary
Network Log Architecture
Section Summary
Collecting and Analyzing Evidence
Section Summary
Module Summary
Module 17 - Investigating Network Devices
Agenda
Storage Media
Section Summary
Switches
Section Summary
Routers
Section Summary
Firewalls
Section Summary
Module Summary
Module 18 - Web Proxies and Encryption
Agenda
Web Proxy Functionality
Section Summary
Web Proxy Evidence
Section Summary
Web Proxy Analysis
Section Summary
Encrypted Web Traffic
Section Summary
Module Summary
Module 19 - Network Tunneling
Agenda
Tunneling for Functionality
Section Summary
Tunneling for Confidentiality
Section Summary
Covert Tunneling
Section Summary
Module Summary
Module 20 - Malware Forensics
Trends in Malware Evolution
Section Summary
Module Summary
Detailed Labs Outline:
Modules 4, 5 and 6 - Working with Captured Files
Lab 1: Sniffing with Wireshark
Lab 2: HTTP Protocol Analysis
Lab 3: SMB Protocol Analysis
Lab 4: SIP/RTP Protocol Analysis
Lab 5: Protocol Layers
Modules 7, 8, 9, 10 and 11 - Evidence Acquisition
Lab 6: Analyzing the capture of MacOf
Lab 7: Manipulating STP algorithm
Lab 8: Active Evidence Acquisition
Modules 12, 13 and 14 - Wireless Traffic Evidence Acquisition
Lab 9: IEEE 802.11
Module 15 - IDS/IPS Forensics
Lab 10: Use Snort as Packet Sniffer
Lab 11: Use Snort as Packet Logger
Lab 12: Check Snort’s IDS abilities with pre-captured attack pattern files
Modules 16 and 21 - Network Forensics and Investigating Logs
Lab 13: Syslog lab
Lab 14: Network Device Log
Lab 15: Log Mysteries
Modules 17 and 18 - SSL and Encryption
Lab 16:
Hello Messages
Certificate Messages
Client Key Exchange and Change Cipher Messages
Alert Message
Lab 17: SSL and Friendly Man-in-the-middle
Module 20 - Malware Forensics
Lab 18: Analyzing Malicious Portable Destructive Files
Lab 19: Mobile Malware
Objective:
Upon completion, Certified Network Forensics Examiner students will be ready to sit for the C)NFE exam.
The exam is taken online through Mile2's Learning Management System and is accessible from your Mile2.com account. The exam takes approximately 2 hours and consists of 100 multiple-choice questions.
A minimum grade of 70% is required for certification.
Your exam is included in the course fee!
All Mile2 certifications carry a 3-year expiration date.
There are two requirements to maintain Mile2 certification:
For digital forensic investigators and network investigators, information security and IT managers, and network auditors who want to take the investigation of network incidents to the next level, with a focus on logging, network devices and protocol analysis.
Recommended: approximately 2 years of networking experience, 2 years in IT security, and working knowledge of TCP/IP.
A complete methodology for network forensics: digital evidence and network evidence, acquisition (live/physical interception), protocol and packet analysis, Layer 2, wireless networks, NIDS/IPS (Snort), centralized logging/Syslog, investigation of network devices (switches, routers, firewalls), web proxies and encrypted traffic, tunneling and malware forensics.
Completing the course earns 40 CEUs and prepares you for the C)NFE exam.
Delivered as a classroom course, live virtual, or in-house/customized. Duration: 5 days. The teaching combines theory with extensive labs (Wireshark, HTTP/SMB/SIP/RTP, STP/MacOf, 802.11, Snort as sniffer/logger/IDS, Syslog, device logs and more).
Yes. You work through realistic lab scenarios to collect, analyze and report network evidence, including insight into decryption handshakes/SSL, "friendly MITM", and reporting that withstands audit and investigation.
The course fee is 35,000 NOK, and the exam is included in the price.
You get access to Mile2's digital learning system, official course material, videos and exercises.
Yes. The course includes the Certified Network Forensics certification exam.
The exam lasts approximately 2 hours and consists of 100 multiple-choice questions.
The exam is taken online via Mile2's learning platform.
The certification is valid for 3 years. To keep it you must:
Yes. The course is offered both as a physical classroom course and as a live, virtual course.
Yes. The course can be offered in-house and tailored to the organization's needs.
Yes. We offer in-house courses both physically and virtually.