Advanced Network Forensics

Level: Advanced

Instructor-led learning that covers the skills required to conduct advanced network investigations. Candidates will understand the anatomy of an attack and the methods that can be used to identify a breach.

What Will You Learn?

  • How to analyse different sources of evidence and how they can aid a network investigation
  • The importance of proper processes required when conducting a forensic investigation
  • How to identify and follow an attack through analysis of network evidence

Who Should Attend?

Security consultants and investigators looking to expand their capability to conduct in-depth network analysis.
Typical candidates consist of:

  • Forensic Analysts
  • Incident Responders
  • Security Analysts
  • Threat Hunters

Recommended Prerequisites

This course assumes candidates are familiar with the concepts of a breach and the anatomy of an attack. It is recommended that candidates have experience conducting digital forensic assessments.
It is required that all students are comfortable with whatever OS they choose to use for analysis and are comfortable with command line interfaces.


Conducting an Investigation

  • Record Keeping
  • Incident Response Plans

PCAP Analysis

  • Data Carving
  • Identifying malicious traffic
  • Lateral Movement
  • Statistical Analysis

Data Sources

  • Understanding log sources
  • Following an attack

C&C Communication

  • Beaconing
  • Data Exfiltration

Intrusion Detection

  • IDS rules
  • IDS analysis


  • Identifying encrypted traffic
  • Decrypting encrypted traffic