
Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Certified Network Forensics Examiner

Description
The Certified Network Forensics Examiner (C)NFE) certification was developed for a U.S. classified government agency. Its purpose is to push students who already have a digital and network forensic skill set to the next level. In this course you will navigate through 20+ modules of network forensic topics. This is a 5-day instructor-led class.
The C)NFE provides practical experience through lab exercises that simulate real-world scenarios covering the investigation and recovery of data on a network.
The C)NFE focuses on centralizing and investigating logging systems as well as network devices. Take your forensics career to the next level with Mile2's Certified Network Forensics Examiner course.
Upon Completion
Students will:
- Have the knowledge to perform network forensic examinations.
- Have the knowledge to report accurately on their findings from those examinations.
- Be ready to sit for the C)NFE exam.
Comprising 20 modules and 9 labs, the C)NFE will enhance your digital forensic competence by adding more advanced network forensics expertise and experience through discussion and practice.
Exam Information
The Certified Network Forensics Examiner exam is taken online through Mile2's Learning Management System and is accessible from your Mile2.com account. The exam takes approximately 2 hours and consists of 100 multiple-choice questions. A minimum grade of 70% is required for certification.
Mile2 is accredited by the NSA-CNSS, approved on the Homeland Security NICCS Framework, and is on the FBI's Tier 1-3 Certification Training Chart.
Outline
1: Digital Evidence Concepts
- Overview
- Concepts in Digital Evidence
- Section Summary
- Summary
2: Network Evidence Challenges
- Overview
- Challenges Relating to Network Evidence
- Section Summary
- Summary
3: Network Forensics Investigative Methodology
- Overview
- OSCAR Methodology
- Section Summary
- Summary
4: Network-Based Evidence
- Overview
- Sources of Network-Based Evidence
- Section Summary
- Summary
5: Network Principles
- Background
- History
- Functionality
- Figure 5-1: The OSI Model
- Encapsulation/De-encapsulation
- Figure 5-2: OSI Model Encapsulation
- Figure 5-3: OSI Model peer layer logical channels
- Figure 5-4: OSI Model data names
- Section Summary
- Summary
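Module 5 covers how each layer wraps the one above it and how an examiner peels those layers back off. The script below is an added illustration of that de-encapsulation, not course or Mile2 material: it builds a constructed Ethernet II / IPv4 / TCP frame (addresses from the RFC 5737 documentation ranges, a made-up HTTP request as payload), then parses it layer by layer and verifies the IPv4 header checksum, which is a quick sanity check on a capture before trusting the addresses it carries. Only the Python standard library is used.

```python
"""De-encapsulate a constructed Ethernet II / IPv4 / TCP frame layer by layer.

Added example for the Module 5 encapsulation topic. The frame is constructed
here (it is not taken from the course labs) so the script runs offline.
"""
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the IPv4 header words.

    Over a header whose checksum field is zeroed this returns the value to
    store; over a complete, intact header it returns 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed sample: HTTP GET from 192.0.2.10:40000 to 198.51.100.20:80."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    src = socket.inet_aton("192.0.2.10")
    dst = socket.inet_aton("198.51.100.20")
    # IPv4: ver/IHL, DSCP/ECN, total length, ID, flags/frag (DF), TTL, proto TCP, csum=0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Ethernet II: dst MAC, src MAC, EtherType IPv4 (made-up MACs)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Peel Ethernet, then IPv4, then TCP off the frame and return the decoded fields."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    result = {
        "eth_dst": frame[:6].hex(":"),
        "eth_src": frame[6:12].hex(":"),
        "ethertype": ethertype,
    }
    if ethertype != 0x0800:          # not IPv4: stop at layer 2
        result["payload"] = frame[14:]
        return result

    ip = frame[14:]
    if ip[0] >> 4 != 4:
        raise ValueError("EtherType says IPv4 but version field does not")
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes, options included
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IHL")
    total_len, _ident, _flags_frag, ttl, proto, _csum = struct.unpack("!HHHBBH", ip[2:12])
    result.update({
        "ip_src": socket.inet_ntoa(ip[12:16]),
        "ip_dst": socket.inet_ntoa(ip[16:20]),
        "ip_ttl": ttl,
        "ip_proto": proto,
        # an intact header sums to zero when the stored checksum is included
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    })
    l4 = ip[ihl:total_len]           # trailing Ethernet padding, if any, is dropped here
    if proto != 6:                   # not TCP: stop at layer 3
        result["payload"] = l4
        return result

    sport, dport, seq, ack, off_res, flags, window = struct.unpack("!HHIIBBH", l4[:16])
    doff = (off_res >> 4) * 4        # TCP header length in bytes, options included
    result.update({
        "tcp_sport": sport, "tcp_dport": dport,
        "tcp_seq": seq, "tcp_ack": ack,
        "tcp_flags": flags, "tcp_window": window,
        "payload": l4[doff:],
    })
    return result


if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:16} {value!r}")
```

Each layer's header length is taken from the header itself (IHL, TCP data offset) rather than assumed to be 20 bytes, and the IPv4 total length is used to trim Ethernet padding before the TCP layer is read; both are the details that trip up ad hoc parsers on real captures.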
6: Internet Protocol Suite
- Overview
- Internet Protocol Suite
- Section Summary
- Summary
7: Physical Interception
- Physical Interception
- Section Summary
- Summary
8: Traffic Acquisition Software
- Agenda
- Libpcap and WinPcap
- LIBPCAP
- WINPCAP
- Section Summary
- BPF Language
- Section Summary
- TCPDUMP
- Section Summary
- WIRESHARK
- Section Summary
- TSHARK
- Section Summary
- Summary
9: Live Acquisition
- Agenda
- Common Interfaces
- Section Summary
- Inspection Without Access
- Section Summary
- Strategy
- Section Summary
- Summary
10: Analysis
- Agenda
- Protocol Analysis
- Section Summary
- Packet Analysis
- Section Summary
- Flow Analysis
- Section Summary
- Higher-Layer Traffic Analysis
- Section Summary
- Summary
11: Layer 2 Protocol
- Agenda
- The IEEE Layer 2 Protocol Series
- Section Summary
- Summary
12: Wireless Access Points
- Agenda
- Wireless Access Points (WAPs)
- Section Summary
- Summary
13: Wireless Capture Traffic and Analysis
- Agenda
- Wireless Traffic Capture and Analysis
- Section Summary
- Summary
14: Wireless Attacks
- Agenda
- Common Attacks
- Section Summary
- Summary
15: NIDS/Snort
- Agenda
- Investigating NIDS/NIPS Functionality
- Section Summary
- NIDS/NIPS Evidence Acquisition
- Section Summary
- Comprehensive Packet Logging
- Section Summary
- Snort
- Section Summary
- Summary
16: Centralized Logging and Syslog
- Agenda
- Sources of Logs
- Section Summary
- Network Log Architecture
- Section Summary
- Collecting and Analyzing Evidence
- Section Summary
- Summary
17: Investigating Network Devices
- Agenda
- Storage Media
- Section Summary
- Switches
- Section Summary
- Routers
- Section Summary
- Firewalls
- Section Summary
- Summary
18: Web Proxies and Encryption
- Agenda
- Web Proxy Functionality
- Section Summary
- Web Proxy Evidence
- Section Summary
- Web Proxy Analysis
- Section Summary
- Encrypted Web Traffic
- Section Summary
- Summary
19: Network Tunneling
- Agenda
- Tunneling for Functionality
- Section Summary
- Tunneling for Confidentiality
- Section Summary
- Covert Tunneling
- Section Summary
- Summary
20: Malware Forensics
- Trends in Malware Evolution
- Section Summary
- Summary
Labs:
1: Working with captured files
- Exercise 1: HTTP.pcap
- Exercise 2: SMB.pcap
- Exercise 3: SIP_RTP.pcap
The rest of this lab's information is proprietary
2: Layer 2 Attacks & Active Evidence Acquisition
- Exercise 1: Analyze the capture of macof.
- Exercise 2: Manipulating the STP root bridge election process
- Exercise 3: Acquiring Evidence
- Exercise 4: Understanding Evidence
The rest of this lab's information is proprietary
3: Preparing for Packet Inspection
- Working with Packet Inspection tools
The rest of this lab's information is proprietary
4: Analyzing Packet Captures
- Exercise 1: Analyze TKIP and CCMP Frames starting from 4-Way Handshake process
The rest of this lab's information is proprietary
5: Case Study: ABC Real Estate
- Scenario Introduction
- Digital Forensic Exercises
The rest of this lab's information is proprietary
6: NIDS/NIPS
- Exercise 1: Use Snort as Packet Sniffer
- Exercise 2: Use Snort as a packet logger
- Exercise 3: Check Snort's IDS abilities with pre-captured attack pattern files
The rest of this lab's information is proprietary
7: Syslog Exercise
- Using the Syslog in a forensic investigation on a network.
The rest of this lab's information is proprietary
8: Network Device Log
- Accessing the Network Device Log
- Understanding the Network Device Log
The rest of this lab's information is proprietary
9: SSL
- Exercise 1: Decrypting SSL Traffic by using a given Certificate Private Key
- Exercise 2: SSL and Friendly Man-in-the-middle
The rest of this lab's information is proprietary
Prerequisites
- 2 years of networking experience
- 2 years in IT security
- Working knowledge of TCP/IP
Audience
- Digital and Network Forensics Examiners
- IS Managers
- Network Auditors
- IT Managers
$3500.00
5-Day Course