Host Based Network Forensics – (Live on-site, Pittsburgh, PA ) – March 2025
5-day Advanced Level Course
Course Overview
he Network Intrusion Forensic Analysis course is an expert-level, week-long training designed for examiners familiar with digital forensics principles, aiming to expand their expertise in advanced network exploitation forensics using various third-party tools.
The course provides participants with unbiased knowledge and skills essential for analyzing artifacts resulting from network intrusion activities. This involves using standard tools and open-source applications to delve deeper into data, understanding how applications function and store information during network intrusions.
Attendees will acquire proficiency in using diverse applications and utilities to identify, process, comprehend, and document crucial forensic artifacts vital for network intrusion forensic investigations. The course covers the steps and processes hackers employ to compromise a network, teaching participants to capture and analyze network traffic, triage live systems, and scrutinize memory captures to identify potential malware and threat artifacts. Additionally, attendees will learn to locate and analyze Windows artifacts, revealing pertinent information for network intrusion investigations.
Throughout the course, students will utilize various open-source and leading forensic applications to examine key artifacts, engaging in extensive hands-on labs and student exercises.
The primary learning points include:
- Introduction to Networking Concepts
- Overview of Network Intrusion Investigations
- Capturing and Analyzing Network Traffic
- Memory Capture and Analysis
- Windows Evidence Analysis
The course will follow adult learning principles through training aids such as presentations, diagrams, and practical instructor-led lead examples. Each artifact covered will be presented in either one or two 50-minute sessions followed by review questions. Students will be given the opportunity throughout the course to ask questions and discuss objectives covered in more detail. Throughout each day students will have practical exercises to work on in order to reinforce the topics.
Prerequisite
To get the most out of this class, you should:
- Have 12 months of experience in forensic examinations
- Attended Spyder Forensics Foundations training or similar program
- Be familiar with Windows Operating systems.
CLASS MATERIALS AND SOFTWARE
You will receive a student manual, lab exercises and other class-related material.