• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course was originally designed for a select U.S. Government Intelligence Agency. The C)NFE certification program will prepare students to exercise true advanced networking forensics techniques through the use of proprietary labs in Mile2's exclusive cyber range.

You should attend this course if you are:

  • Cybersecurity team members who need to respond to intrusions, 'hacks' and incidents in their network.
  • Cybersecurity team members who are required to know how to examine, probe, trace, frisk, and interrogate their network(s) to find out how they were compromised.
  • IT pros who want to advance their network investigative and incident response handling policies, procedures and techniques.

This 5-day course retails for $3,500 and is delivered via classroom or live online.

Learning Objectives

Module 1 - Digital Evidence Concepts
Module 2 - Network Evidence Challenges
Module 3 - Network Forensics Investigative Methodology
Module 4 - Network-Based Evidence
Module 5 - Network Principles
Module 6 - Internet Protocol Suite
Module 7 - Physical Interception
Module 8 - Traffic Acquisition Software
Module 9 - Live Acquisition
Module 10 - Analysis
Module 11 - Layer 2 Protocol
Module 12 - Wireless Access Points
Module 13 - Wireless Capture Traffic and Analysis
Module 14 - Wireless Attacks
Module 15 - NIDS_Snort
Module 16 - Centralized Logging and Syslog
Module 17 - Investigating Network Devices
Module 18 - Web Proxies and Encryption
Module 19 - Network Tunneling
Module 20 - Malware Forensics

HANDS-ON LABORATORY EXERCISES

Lab 1 - Working with captured files
Exercise 1 - HTTP.pcap
Exercise 2 - SMB.pcap
Exercise 3 - SIP_RTP.pcap
Lab 2 - Layer 2 Attacks
Exercise 1 - Analyze the capture of macof.
Exercise 2 - Manipulating the STP root bridge election process
Lab 2 - Active Evidence Acquisition
Lab 3 - Preparing for Packet Inspection
Lab 4 - Analyzing Packet Captures
Exercise 2: Analyze TKIP and CCMP Frames starting from 4-Way Handshake process.
Lab 5 - Case Study: ABC Real Estate
Lab 6 - NIDS/NIPS
Exercise 1 - Use Snort as Packet Sniffer
Exercise 2 - Use Snort as a packet logger
Exercise 3 - Check Snort's IDS abilities with pre-captured attack pattern files
Lab 7 - Syslog Exercise
Lab 8 - Network Device Log
Lab 9 - SSL
Exercise 1 - Decrypting SSL Traffic by using a given Certificate Private Key
Exercise 2 - SSL and Friendly Man-in-the-middle
