Certified Network Forensics Examiner

Name: Certified Network Forensics Examiner
SKU: 9030
Price: 3500 USD
Availability: InStock

MILE2-Federal-Approval_Certified-Network-Forensics-Examiner

Add to Wishlist

Download PDF

Description

The Certified Network Forensics Examiner, C)NFE, certification was developed for a U.S. classified government agency. It’s purpose is to push students with a digital and network forensic skill set to the next level. In this course you will navigate through 20+ modules of network forensic topics. This is a 5 day Instructor Led Class.

The C)NFE provides practical experience through our lab exercises that simulate real-world scenarios covering investigation and recovery of data in network.

The C)NFE focuses on centralizing and investigating logging systems as well as network devices. Take your forensics career to the next level with Mile2’s Network Forensics Engineer course.

Upon Completion

Students will:

Have knowledge to perform network forensic examinations.
Have knowledge to accurately report on their findings from examinations
Be ready to sit for the C)NFE Exam

Comprised of 20 modules and 9 labs. The C)NFE will enhance your digital forensic competence by adding more advanced network forensics expertise and experience through discussions and practice.

Exam Information

The Certified Network Forensics Examiner exam is taken online through Mile2’s Learning Management System and is accessible on you Mile2.com account. The exam will take approximately 2 hours and consist of 100 multiple choice questions. A minimum grade of 70% is required for certification.

Mile2 is Accredited by the NSA-CNSS, Approved on Homelands Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.

Outline

1: Digital Evidence Concepts

Overview
Concepts in Digital Evidence
Section Summary
Summary

2: Network Evidence Challenges

Overview
Challenges Relating to Network Evidence
Section Summary
Summary

3: Network Forensics Investigative Methodology

Overview
OSCAR Methodology
Section Summary
Summary

4: Network-Based Evidence

Overview
Sources of Network-Based Evidence
Section Summary
Summary

6: Internet Protocol Suite

Overview
Internet Protocol Suite
Section Summary
Summary

7: Physical Interception

Physical Interception
Section Summary
Summary

8: Traffic Acquisition Software

Agenda
Libpcap and WinPcap
LIBPCAP
WINPCAP
Section Summary
BPF Language
Section Summary
TCPDUMP
Section Summary
WIRESHARK
Section Summary
TSHARK
Section Summary
Summary

9: Live Acquisition

Agenda
Common Interfaces
Section Summary
Inspection Without Access
Section Summary
Strategy
Section Summary
Summary

10: Analysis

Agenda
Protocol Analysis
Section Summary
Section 02
Packet Analysis
Section Summary
Section 03
Flow Analysis
Protocol Analysis
Section Summary
Section 04
Higher-Layer Traffic Analysis
Section Summary
Summary

11: Layer 2 Protocol

Agenda
The IEEE Layer 2 Protocol Series
Section Summary
Summary

12: Wireless Access Points

Agenda
Wireless Access Points (WAPs)
Section Summary
Summary

13: Wireless Capture Traffic and Analysis

Agenda
Wireless Traffic Capture and Analysis
Section Summary
Summary

14: Wireless Attacks

Agenda
Common Attacks
Section Summary
Summary

15: NIDS_Snort

Agenda
Investigating NIDS/NIPS
and Functionality
Section Summary
NIDS/NIPS Evidence Acquisition
Section Summary
Comprehensive Packet Logging
Section Summary
Snort
Section Summary
Summary

16: Centralized Logging and Syslog

Agenda
Sources of Logs
Section Summary
Network Log Architecture
Section Summary
Collecting and Analyzing Evidence
Section Summary
Summary

18: Web Proxies and Encryption

Agenda
Web Proxy Functionality
Section Summary
Web Proxy Evidence
Section Summary
Web Proxy Analysis
Section Summary
Encrypted Web Traffic
Section Summary
Summary

20: Malware Forensics

Trends in Malware Evolution
Section Summary
Summary

Labs:

1: Working with captured files

Exercise 1: HTTP.pcap
Exercise 2: SMB.pcap
Exercise 3: SIP_RTP.pcap