1. Education
  2. Courseware

Network Forensics

Course Objectives and Learning Outcomes

This course introduces and explains the fundamental concepts of network forensics, core of network forensics related to different network devices and network based applications, and tools used to collect, analyze and report forensics related data. Upon completion of the course, students will be able to:

  • Understand the concept of digital evidence
  • Understand the design of network sensors and deployment
  • Understand mechanisms to investigate network devices
  • Understand mechanisms to investigate network applications
  • Be able to use data collection tools and data analysis tools
  • Be able to write network forensics report
  • Understand the privacy issues in network forensics

    • View Syllabus of Network Forensics Course

    Modules Submodules Units Included
    Foundations of Network Forensics Review of Network Threats (Internal threats & external threats)
    Review of Computer Forensics
    Event Logs
    Evidences
    Location awareness
    Co-relating attacks
    Core of Network Forensics Investigating Network Devices
    (Part I)
    		 Proxies and Forensics
    Firewalls and Forensics
    NIDS & NIPS and Forensics
    VPN and Forensics
    Router and Forensics

    		Investigating Network Attacks
    (Part II)    		 BotNet Forensics
    DDoS Forensics
    Malware Forensics
    Focused Topics in Network Forensics
    		 Media Forensics
    Web Forensics
    Email Forensics
    Smartphone Forensics
    Cloud Forensics
    IoT Forensics
    Forensics and Privacy Privacy and Forensics
    Ethics and Forensics
    Reporting Investigation Results
    Network Forensics Tools and Hands-on activities Tcpdumping with the libpcap library
    Sniffing wireless traffic with Wireshark
    Packet sniffing and analysis with NetworkMiner
    Malware identifying with YARA
    Evidence acquisition with SNORT
    Collect and analyze log file with Splunk