Network Forensics Workshop
Networks are a major source of evidence relating to criminal activity and employee misbehaviour. Therefore, Network Forensics is becoming an integral part of information security and corporate investigations. Whether your organization is faced with fraud, computer intrusions, workplace misconduct, or civil disputes, you need to know where to find digital evidence on your network and how to preserve and utilize it properly.
With the proper training and tools, you can obtain substantial amounts of information from networks that can be useful in a wide range of digital investigations. Network logs can help establish when events occurred, where victims and suspects were, with whom they communicated, and much more.
This workshop is suitable for individuals who are interested in or are already performing technical aspects of Network Forensics. This seminar goes beyond computer forensics and discusses evidence transfer on networks. Topics covered in this hands-on seminar include network protocols and network-level logs. The value of correlating network-level evidence from IDS systems, firewalls, and other network devices and monitoring systems is demonstrated through investigative exercises and case studies. Procedures and tools for properly collecting and examining digital evidence from networks are covered. This seminar covers various open source and commercial tools that are commonly used to examine network logs. Hands-on investigative scenarios and exercises are used throughout this seminar to teach practical technical skills. Using actual data such as network logs, attendees will learn the wide range of skills needed to preserve and analyze digital evidence on networks. In addition, you will receive guidelines for preparing your network from a forensic perspective. This preparation includes developing policies, procedures, and logging architecture.
Attendees will receive a copy of the book “Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet” by Eoghan Casey.
- Preparing networks as a source of evidence
- Best Practices for handling digital evidence on networks
- Network traffic as a source of evidence
- Using logs on a network as evidence
- Network log correlation and reconstruction
- Attributing network activities to an individual
- Using the Internet as an investigative tool
- Open source and commercial forensic tools: hands-on exercises
- Practical investigative exercises: hands-on exercises