Cyber Security Training Catalog – CNFE – Certified Network Forensics Examiner

Overview: This course will introduce students to examining network forensics. Topics covered include investigative methodology, physical interception, wireless traffic capture and analysis, malware forensics, and more.

Course Modules

(Duration: 21m)

  1. Workbook (Pdf)
  2. Digital Evidence Concepts
  3. Concepts in Digital Evidence
  4. Overview
  5. Background
  6. Real Evidence
  7. Best Evidence
  8. Direct Evidence
  9. Circumstantial Evidence
  10. Hearsay
  11. Business Records
  12. Digital Evidence
  13. Network-Based Digital Evidence
  14. Section Summary
  15. Review Quiz (Number of attempts allowed: Unlimited)

(Duration:24 m)

  1. Workbook (Pdf)
  2. Network Evidence Challenges
  3. Challenges Relating to Network Evidence
  4. Overview
  5. Acquisition
  6. Content
  7. Storage
  8. Privacy
  9. Seizure
  10. Admissibility
  11. Section Summary
  12. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 43m)

  1. Workbook (Pdf)
  2. Network Forensics Investigative Methodology
  3. Oscar Methodology
  4. Overview
  5. Obtain Information
  6. Obtain Information
  7. Strategize
  8. Strategize
  9. Collect Evidence
  10. Collect Evidence
  11. Collect Evidence
  12. Collect Evidence
  13. Analyze
  14. Analyze
  15. Analyze
  16. Analyze
  17. Analyze
  18. Analyze
  19. Report
  20. Section Summary
  21. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 1h 3m)

  1. Workbook (Pdf)
  2. Network-Based Evidence
  3. Sources of Network-Based Evidence
  4. Overview
  5. Background
  6. Background
  7. On the Wire
  8. In the Air
  9. Switches
  10. Routers
  11. DHCP Servers
  12. Name Servers
  13. Authentication Servers
  14. Network Intrusion Detection/Prevention Systems
  15. Firewalls
  16. Web Proxies
  17. Application Servers
  18. Central Log Servers
  19. A Quick Protocol Review
  20. A Quick Protocol Review
  21. Internet Protocol Suite Review
  22. IPv4 vs IPv6
  23. IPv4 vs IPv6
  24. TCP vs UDP
  25. TCP vs UDP
  26. Section Summary
  27. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 27m)

  1. Workbook (Pdf)
  2. Network Principles
  3. Principles of Internetworking
  4. Overview
  5. Background
  6. History
  7. Functionality
  8. Figure 5-1 The OSI Model
  9. Functionality
  10. Functionality
  11. Encapsulation/De-encapsulation
  12. Encapsulation/De-encapsulation
  13. Figure 5-2 OSI Model Encapsulation
  14. Encapsulation/De-encapsulation
  15. Encapsulation/De-encapsulation
  16. Encapsulation/De-encapsulation
  17. Figure 5-3 OSI Model Peer Layer Logical Channels
  18. Encapsulation/De-encapsulation
  19. Figure 5-4 OSI Model Data Names
  20. Section Summary
  21. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 1h 19m)

  1. Workbook (Pdf)
  2. Internet Protocol Suite
  3. Overview
  4. Background
  5. History of Internet Protocol Suite
  6. Application Layer
  7. Application Layer Examples
  8. Transport Layer
  9. Layer 4 Protocols
  10. Internet Layer
  11. Network Access Layer
  12. Comparing the OSI Model and TCP/IP Model
  13. Similarities of the OSI and TCP/IP Models
  14. Differences of the OSI and TCP/IP Models
  15. Internet Architecture
  16. IPv4
  17. IP Address as a 32-Bit Binary Number
  18. Binary and Decimal Conversion
  19. IP Address Classes
  20. IP Address Classes
  21. IP Addresses as Decimal Numbers
  22. Hosts for Classes of IP Addresses
  23. IP Addresses as Decimal Numbers
  24. Network IDs and Broadcast Addresses
  25. Private Addresses
  26. Reserved Address Space
  27. Basics of Subnetting
  28. Subnetworks
  29. Subnetworks
  30. Subnet Mask
  31. Subnet Mask
  32. IPv6
  33. IPv4 versus IPv6
  34. Transmission Control Protocol
  35. User Datagram Protocol
  36. ARP
  37. ARP Operation Within a Subnet
  38. ARP Process
  39. Advanced ARP Concepts
  40. Default Gateway
  41. How ARP Sends Data to Remote Networks
  42. Proxy ARP
  43. Section Summary
  44. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 47m)

  1. Workbook (Pdf)
  2. Physical Interception
  3. Overview
  4. Goal
  5. Background
  6. Pigeon Sniffing
  7. Cables
  8. Copper
  9. Optical
  10. Radio Frequency
  11. Information that Can Be Gained from Wi-Fi Traffic
  12. Inline Network Tap
  13. Vampire Tap
  14. Radio Frequency
  15. Radio Frequency
  16. Hubs
  17. Switches
  18. Obtaining Traffic from Switches
  19. Sniffing on Switches
  20. Section Summary
  21. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 50m)

  1. Workbook (Pdf)
  2. Traffic Acquisition Software
  3. Agenda
  4. Libpcap and WinPcap
  5. Background
  6. Libpcap - Introduction
  7. Installing Libpcap using the RPMs
  8. Installing Libpcap using the RPMs
  9. Installing Libpcap from the Source Files
  10. Installing Libpcap from the Source Files (Configure)
  11. Installing Libpcap from the Source Files (Make/Make Install)
  12. WinPcap - Introduction
  13. Installing WinPcap
  14. Section Summary
  15. The Berkeley Packet Filter (BPF) Language
  16. Overview
  17. Background
  18. BPF Primitives
  19. Filtering Packets by Byte Value
  20. Examples
  21. Filtering Packets by Bit Value
  22. Filtering Packets by Bit Value
  23. Section Summary
  24. Tcpdump
  25. Overview
  26. Background
  27. Basics
  28. Basics
  29. Installing tcpdump (Windows Installation)
  30. Installing tcpdump (Windows Installation)
  31. Installing tcpdump (Linux Installation)
  32. Installing tcpdump (Linux Installation)
  33. Installing tcpdump (Linux Installation)
  34. Filtering Packets with tcpdump
  35. Filtering Packets with tcpdump
  36. Section Summary
  37. Wireshark
  38. Overview
  39. Background
  40. Installing Wireshark
  41. Installing Wireshark (Microsoft Windows Systems)
  42. Installing Wireshark (Linux Systems)
  43. Wireshark Protocol Analyzer
  44. Section Summary
  45. Tshark
  46. Overview
  47. Background
  48. Examples of tshark
  49. Statistics
  50. Examples
  51. Section Summary
  52. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 1h 10m)

  1. Workbook (Pdf)
  2. Live Acquisition
  3. Agenda
  4. Common Interfaces
  5. Overview
  6. Background
  7. Console
  8. Secure Shell (SSH)
  9. Secure Copy (SCP) and SFTP
  10. Telnet
  11. Simple Network Management Protocol (SNMP)
  12. SNMP
  13. Web and Proprietary Interfaces
  14. Section Summary
  15. Inspection without Access
  16. Overview
  17. Background
  18. Port Scanning
  19. Vulnerability Scanning
  20. Section Summary
  21. Strategy
  22. Overview
  23. Refrain
  24. Connect
  25. Record the Time
  26. Collect Evidence
  27. Record Investigative Activities
  28. Section Summary
  29. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 31m)

  1. Workbook (Pdf)
  2. Layer 2 Protocol
  3. The IEEE Layer 2 Protocol Series
  4. Overview
  5. Background
  6. Layer 2 Protocols
  7. CSMA/CD
  8. CSMA/CD
  9. 802.11 Protocol Suite: Frame Types
  10. 802.11 Protocol Suite: Frame Types (Management Frames)
  11. 802.11 Protocol Suite: Frame Types (Management Frames)
  12. 802.11 Protocol Suite: Frame Types (Control Frames)
  13. 802.11 Protocol Suite: Frame Types (Data Frames)
  14. 802.11 Protocol Suite: Frame Analysis
  15. 802.11 Protocol Suite: Network-Byte Order
  16. 802.11 Protocol Suite: Endianness
  17. 802.11 Protocol Suite: Network-Byte Order
  18. 802.11 Protocol Suite: Wired Equivalent Privacy
  19. 802.11 Protocol Suite: Wired Equivalent Privacy
  20. An 802.11 Packet Capture Displayed in Wireshark
  21. 802.1X
  22. Section Summary
  23. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 1h 28m)

  1. Workbook (Pdf)
  2. Protocol Analysis
  3. Agenda
  4. Protocol Analysis
  5. Overview
  6. Background
  7. Tools
  8. Tools
  9. Tools
  10. Techniques
  11. Section Summary
  12. Packet Analysis
  13. Agenda
  14. Fundamentals and Challenges
  15. Protocol Analysis
  16. Documentation
  17. Protocol Analysis Tools
  18. Packet Details Markup Language and Packet Summary Markup Language
  19. Packet Details Markup Language and Packet Summary Markup Language
  20. Packet Details Markup Language and Packet Summary Markup Language
  21. Wireshark
  22. Wireshark Display
  23. Tshark
  24. Tshark Display
  25. Protocol Analysis Techniques
  26. Protocol Identification
  27. Protocol Decoding
  28. Exporting Fields
  29. Defined
  30. Packet Analysis Tools
  31. Wireshark and Tshark Display Filters
  32. ngrep
  33. Hex Editors
  34. Packet Analysis Techniques
  35. Pattern Matching
  36. Parsing Protocol Fields
  37. Packet Filtering
  38. Section Summary
  39. Flow Analysis
  40. Agenda
  41. Overview
  42. Background
  43. Defined
  44. Tools
  45. Follow TCP Stream
  46. Tools
  47. Flow Analysis Techniques
  48. Lists Conversations and Flows
  49. List TCP Flows
  50. Export Flow
  51. Manual File and Data Carving
  52. Automatic File Carving
  53. Higher-Layer Traffic Analysis
  54. HTTP
  55. DHCP
  56. SMTP
  57. DNS
  58. Higher-Layer Analysis Tools
  59. Higher-Layer Analysis Tools
  60. Section Summary
  61. Review Quiz (Number of attempts allowed

(Duration: 20m)

  1. Workbook (Pdf)
  2. Wireless Access Points
  3. Overview
  4. Background
  5. Background
  6. Background
  7. Background
  8. Background
  9. Why Investigate WAPs?
  10. Types of WAPs
  11. Types of WAPs
  12. Types of WAPs
  13. Volatile Data and Persistent Data
  14. Section Summary
  15. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 25m)

  1. Workbook (Pdf)
  2. Wireless Traffic Capture and Analysis
  3. Overview
  4. Spectrum Analysis
  5. Spectrum Analysis
  6. Spectrum Analysis
  7. Wireless Passive Evidence Acquisition
  8. Wireless Passive Evidence Acquisition
  9. Wireless Passive Evidence Acquisition
  10. Analyzing 802.11 Efficiently
  11. Section Summary
  12. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 57m)

  1. Workbook (Pdf)
  2. NIDS/Snort
  3. Agenda
  4. Investigating NIDS/NIPS and NIDS/NIPS Functionality
  5. Overview
  6. Background
  7. Sniffing
  8. Higher-Layer Protocols Awareness
  9. Alerting on Suspicious Bits
  10. Section Summary
  11. NIDS/NIPS Evidence Acquisition
  12. Overview
  13. Background
  14. Types of Evidence: Configuration
  15. Types of Evidence: Alert Data
  16. Types of Evidence: Packet Header/Content Data
  17. Types of Evidence: Activities Correlated Across Multiple Sensors
  18. NIDS/NIPS Interfaces
  19. Section Summary
  20. Comprehensive Packet Logging
  21. Overview
  22. Background
  23. Background
  24. Evidence
  25. Section Summary
  26. Snort
  27. Overview
  28. Background
  29. Basic Architecture
  30. Snort File Locations
  31. Snort Rule Language
  32. Snort Rules
  33. Section Summary
  34. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 52m)

  1. Workbook (Pdf)
  2. Centralized Logging and Syslog
  3. Agenda
  4. Sources of Logs
  5. Overview
  6. Operating System Logs
  7. Operating System Logs
  8. Operating System Logs
  9. Operating System Logs
  10. Operating System Logs
  11. Application Logs
  12. Application Logs
  13. Physical Device Logs
  14. Network Devices
  15. Section Summary
  16. Network Log Architecture
  17. Overview
  18. Three Types of Logging Architectures
  19. Three Types of Logging Architectures
  20. Three Types of Logging Architectures
  21. Remote Logging: Common Pitfalls and Strategies
  22. Remote Logging: Common Pitfalls and Strategies
  23. Remote Logging: Common Pitfalls and Strategies
  24. Remote Logging: Common Pitfalls and Strategies
  25. Log Aggregation and Analysis Tools
  26. Log Aggregation and Analysis Tools
  27. Section Summary
  28. Collecting and Analyzing Evidence
  29. Overview
  30. Obtain Information
  31. Obtain Information
  32. Obtain Information
  33. Strategize
  34. Strategize
  35. Strategize
  36. Strategize
  37. Collect Evidence
  38. Collect Evidence
  39. Collect Evidence
  40. Collect Evidence
  41. Analyze
  42. Report
  43. Section Summary
  44. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 54m)

  1. Workbook (Pdf)
  2. Investigating Network Devices
  3. Agenda
  4. Storage Media
  5. Overview
  6. Background
  7. DRAM (Dynamic Random-Access Memory)
  8. CAM (Content-Addressable Memory)
  9. NVRAM (Non-Volatile Random-Access Memory)
  10. Hard Drive
  11. ROM
  12. Section Summary
  13. Switches
  14. Overview
  15. Background CAM Tables (Content-Addressable Memory)
  16. ARP
  17. Types of Switches
  18. Types of Switches
  19. Switch Evidence
  20. Section Summary
  21. Routers
  22. Overview
  23. Background
  24. Types of Routers
  25. Router Evidence
  26. Section Summary
  27. Firewalls
  28. Overview
  29. Background
  30. Types of Firewalls
  31. Types of Firewalls
  32. Firewall Evidence
  33. Section Summary
  34. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 45m)

  1. Workbook (Pdf)
  2. Web Proxies and Encryption
  3. Agenda
  4. Web Proxy Functionality
  5. Overview
  6. WAP Attacks
  7. Caching
  8. URI Filtering
  9. Content Filtering
  10. Section Summary
  11. Web Proxy Evidence
  12. Overview
  13. Background
  14. Types of Evidence
  15. Obtaining Evidence
  16. Section Summary
  17. Web Proxy Analysis
  18. Overview
  19. Background
  20. Log Analysis Tools
  21. Log Analysis Tools
  22. Log Analysis Tools
  23. Log Analysis Tools
  24. Section Summary
  25. Encrypted Web Traffic
  26. Overview
  27. Background
  28. Transport Layer Security (TLS)
  29. Gaining Access to Encrypted Content
  30. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 36m)

  1. Workbook (Pdf)
  2. Network Tunneling
  3. Tunneling for Functionality
  4. Overview
  5. VLAN Trunking
  6. Inter-Switch Link (ISL)
  7. Generic Routing Encapsulation (GRE)
  8. IPv4 over IPv6 with Teredo
  9. Implications for the Investigator
  10. Section Summary
  11. Tunneling for Confidentiality
  12. Overview
  13. Background
  14. Internet Protocol Security (IPsec)
  15. TLS/SSL
  16. Implications for the Investigator
  17. Section Summary
  18. Covert Tunneling
  19. Overview
  20. Covert Tunneling Strategies
  21. TCP Sequence Numbers
  22. DNS Tunnels
  23. Implications for the Investigator
  24. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 33m)

  1. Workbook (Pdf)
  2. Malware Forensics
  3. Trends in Malware Evolution
  4. Overview
  5. Background
  6. Botnets
  7. Encryption and Obfuscation
  8. Distributed Command-and-Control Systems
  9. Automatic Self-Updates
  10. Metamorphic Network Behavior
  11. Section Summary
  12. Review Quiz (Number of attempts allowed: Unlimited)

(Duration: 51m)

  1. Workbook (Pdf)
  2. Network Forensics and Investigating Logs
  3. Agenda
  4. Key Term
  5. Network Forensics
  6. Analyzing Network Data
  7. The Intrusion Process
  8. Looking for Evidence
  9. Looking for Evidence
  10. Looking for Evidence
  11. Looking for Evidence
  12. End-to-End Forensic Investigation
  13. End-to-End Forensic Investigation
  14. End-to-End Forensic Investigation
  15. Log File as Evidence
  16. Legality of Using Logs
  17. Legality of Using Logs
  18. Legality of Using Logs
  19. Legality of Using Logs
  20. Examining Intrusion and Security Events
  21. Examining Intrusion and Security Events
  22. Intrusion Detection
  23. Using Multiple Logs as Evidence
  24. Maintaining Credible IIS Log Files
  25. Log File Accuracy
  26. Logging Everything
  27. Extended Logging in IIS Server
  28. Extended Logging in IIS Server
  29. Extended Logging in IIS Server
  30. Keeping Time
  31. UTC (Coordinated Universal Time)
  32. Review Quiz (Number of attempts allowed: Unlimited)

Training Final Exam

Are you ready to earn your certificate of completion?


This course includes
  • about 15.18 hours of on-demand video
  • 20 downloadable Pdf Workbooks
  • Unlimited time access (During Membership)
  • Access on mobile and desktop
  • Certificate of Completion