CNFE - Certified Network Forensics Examiner

$4,375.00
Start Date Time Days Price GTR Availability
May 22, 2017 09:00 (EST) 5 $4,375.00 Register

Course Overvirew

The Certified Network Forensics Examiner was originally developed for a U.S. classified government agency. The C)NFE takes a digital and network forensic skill set to the next level by navigating through over twenty modules of network forensic topics.

 

The CNFE provides practical experience through our lab exercises that simulate real-world scenarios that cover investigation and recovery of data in network, Physical Interception, Traffic Acquisition, Analysis, Wireless Attacks and SNORT. The course focuses on the centralizing and investigating of logging systems as well as network devices.

 

Prerequisite:

  • 2 years of networking experience
  • 2 years of IT Security
  • Working Knowledge of TCPIP

 

Student Materials:

  • Student workbook
  • Student lab guide
  • Student Exam Prep guide

 

Certification Exam:

  • Mile2 C)NFE

 

CPEs: 40

 

WHO SHOULD ATTEND?

  • Digital & Network Forensic Engineers
  • IS & IT managers
  • Network Auditors

 

UPON COMPLETION

Students will:

  • Have knowledge to perform network forensic examinations.
  • Have knowledge to accurately report on their findings from examinations
  • Be ready to sit for the C)NFE Exam

 

Exam Information

The Certified Network Forensics Examiner certification exam is taken online through Mile2’s Assessment and Certification System (MACS), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions.

 

OUTLINE

Module 1: Digital Evidence Concepts

Module 2: Network Evidence Challenges

Module 3: Network Forensics Investigative

Methodology

Module 4: Network-Based Evidence

Module 5: Network Principles

Module 6: Internet Protocol Suite

Module 7: Physical Interception

Module 8: Traffic Acquisition Software

Module 9: Live Acquisition

Module 10: Analysis

Module 11: Layer 2 Protocol

Module 12: Wireless Access Points

Module 13: Wireless Capture Traffic and Analysis

Module 14: Wireless Attacks

Module 15: NIDS_Snort

Module 16: Centralized Logging and Syslog

Module 17: Investigating Network Devices

Module 18: Web Proxies and Encryption

Module 19: Network Tunneling

Module 20: Malware Forensics

 

Module 1 -Digital Evidence  Concepts

Overview

Concepts in Digital Evidence

Section Summary

Module Summary

 

Module 2 -Network Evidence Challenges

Overview

Challenges Relating to Network Evidence

Section Summary

Module Summary

 

Module 3 – Network Forensics Investigative Methodology

Overview

OSCAR Methodology

Section Summary

Module Summary

 

Module 4 – Network-Based Evidence

Overview

Sources of Network-Based Evidence

Section Summary

Module Summary

 

Module 5 – Network Principles

Background

History

Functionality

FIGURE 5-1 The OSI Model

Functionality

Encapsulation/De-encapsulation

FIGURE 5-2 OSI Model Encapsulation

Encapsulation/De-encapsulation

FIGURE 5-3 OSI Model peer layer logical channels

Encapsulation/De-encapsulation

FIGURE 5-4 OSI Model data names

Section Summary

Module Summary

 

Module 6 – Internet Protocol Suite

Overview

Internet Protocol Suite

Section Summary

Module Summary

 

Module 7 – Physical Interception

Physical Interception

Section Summary

Module Summary

 

Module 8 – Traffic Acquisition Software

Agenda

Libpcap and WinPcap

LIBPCAP

WINPCAP

Section Summary

BPF Language

Section Summary

TCPDUMP

Section Summary

WIRESHARK

Section Summary

TSHARK

Section Summary

Module Summary

 

Module 9 – Live Acquisition

Agenda

Common Interfaces

Section Summary

Inspection Without Access

Section Summary

Strategy

Section Summary

Module Summary

 

Module 10 – Analysis

Agenda

Protocol Analysis

Section Summary

Section 02

Packet Analysis

Section Summary

Section 03

Flow Analysis

Protocol Analysis

Section Summary

Section 04

Higher-Layer Traffic Analysis

Section Summary

Module Summary

 

Module 11 – Layer 2 Protocol

Agenda

The IEEE Layer 2 Protocol Series

Section Summary

Module Summary

 

Module 12- Wireless Access Points

Agenda

Wireless Access Points (WAPs)

Section Summary

Module Summary

 

Module 13 – Wireless Capture Traffic and Analysis

Agenda

Wireless Traffic Capture and Analysis

Section Summary

Module Summary

 

Module 14 – Wireless Attacks

Agenda

Common Attacks

Section Summary

Module Summary

 

Module 15 – NIDS_Snort

Agenda

Investigating NIDS/NIPS

and Functionality

Section Summary

NIDS/NIPS Evidence Acquisition

Section Summary

Comprehensive Packet Logging

Section Summary

Snort

Section Summary

Module Summary

 

Module 16 – Centralized Logging and Syslog

Agenda

Sources of Logs

Section Summary

Network Log Architecture

Section Summary

Collecting and Analyzing Evidence

Section Summary

Module Summary

 

Module 17 – Investigating Network Devices

Agenda

Storage Media

Section Summary

Switches

Section Summary

Routers

Section Summary

Firewalls

Section Summary

Module Summary

 

Module 18 – Web Proxies and Encryption

Agenda

Web Proxy Functionality

Section Summary

Web Proxy Evidence

Section Summary

Web Proxy Analysis

Section Summary

Encrypted Web Traffic

Section Summary

Module Summary

 

Module 19 – Network Tunneling

Agenda

Tunneling for Functionality

Section Summary

Tunneling for Confidentiality

Section Summary

Covert Tunneling

Section Summary

Module Summary

 

Module 20 – Malware Forensics

Trends in Malware Evolution

Section Summary

Module Summary

 

HANDS-ON LABORATORY EXERCISES

Module 4, 5 and 6 – Working with captured files

Lab 1: Sniffing with Wireshark

Lab 2: HTTP Protocol Analysis

Lab 3: SMB Protocol Analysis

Lab 4: SIP/RTP Protocol Analysis

Lab 5: Protocol Layers

 

Module 7, 8, 9, 10, 11 – Evidence Acquisition

Lab 1: Analyzing the capture of MacOf

Lab 2: Manipulating STP algorithm

Lab 3: Active Evidence Acquisition

 

Module 12, 13, 14 – Wireless Traffic Evidence Acquisition

Lab 1: IEEE 802.11

 

Module 15: IDS/IPS Forensics

Lab 1: Use Snort as Packet Sniffer

Lab 2: Use Snort as Packet Logger

Lab 3: Check Snort’s IDS abilities with pre-captured attack pattern files

 

Module 16 and 21 – Network forensics and investigating logs

Lab 1: Syslog lab

Lab 2: Network Device Log

Lab 3: Log Mysteries

 

Modules 17, 18 – SSL and Encryption

Objective

Step 1: Open a Trace

Step 2: Inspect the Trace

Answers

Step 3: The SSL Handshake

Hello Messages

Questions

Answers

Certificate Messages

Answer

Client Key Exchange and Change Cipher Messages

Answers

Alert Message

Answers to Alert Message

Lab 2: SSL and Friendly Man-in-the-middle

 

Module 20 – Malware Forensics

Lab 1: Analyzing Malicious Portable Destructive Files

Lab 2: Mobile Malware

Appendix: Forensic Challenge