Network Forensics Training

This course teaches students how to recognize a hacker’s tracks and uncover network-based evidence.

Course Overview

Our 5-day, instructor-led, Network Forensics Training course is directed toward IT security professionals in police and law enforcement, military and government, banking, network, and e-business. This course will teach you how to: 

  • Carve suspicious email attachments from packet captures 
  • Use flow records to track intruders 
  • Analyze wireless encryption-cracking attacks 
  • Reconstruct a suspect’s web surfing history (including cached pages) from a web proxy 
  • Uncover DNS-tunnels traffic 
  • Dissect the Operation Aurora exploit 

There are no specific prerequisites for this course. However, it is highly recommended that you have either the CompTIA® Network+ or Security+ Certification before enrolling in this course. 


Network Forensics Training

10/11/21 - 10/15/21 (5 days)

8:30AM - 4:30PM EST

Tysons Corner, VA
10/18/21 - 10/22/21 (5 days)

8:30AM - 4:30PM EST

Columbia, MD
10/18/21 - 10/22/21 (5 days)

8:30AM - 4:30PM EST


Not seeing a good fit?

Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.

Contact Us

Learn more about custom training

Course Outline

Introduction to the Field and Background

  • Introduction to Forensics
  • Overview of Computer Crimes
  • Lab: Applying the Daubert Standard to Forensic Evidence
  • Forensics Methods and Labs
  • Trends and Future Directions

Tools and Methods

  • System Forensic Resources
  • Lab: Documenting a Workstation Configuration Using Common Forensic Tools
  • Collecting, Seizing, and Protective Evidence
  • Lab: Uncovering New Digital Evidence Using Bootable Forensic Utilities

Types of Forensics

  • Email Forensics
  • Lab: Analyzing Images to Identify Suspicious or Modified Files
  • Windows Forensics
  • Recognizing the Use of Steganography in Image Files
  • Linux Forensics
  • Lab: Automating Email Evidence Discovery Using P2 Commander
  • Macintosh Forensics
  • Mobile Forensics
  • Lab: Decoding an FTP Protocol Session for Forensic Evidence
  • Peforming Network Analysis
  • Lab: Identifying and Documenting Evidence from a Forensic Investigation
  • Incident and Intrusion Response
  • Lab: Conducting an Incident Response Investigation for a Suspicious Login
Subscribe now

Get new class alerts, promotions, and blog posts