Join Jungwoo Ryoo for an in-depth discussion in this video, What you should know, part of Network Forensics.
- [Instructor] Let's talk about what you should know before taking this course. My goal is to help you quickly learn essential network forensics concepts and develop an overall understanding of the field. But background knowledge in computer or digital forensics would be helpful.

Throughout the course, we'll be using both Windows and Linux operating systems, but don't worry, if you don't have any spare computers to practice your skills on, watching the demos without doing them yourself will still be effective. Do keep in mind that many network forensics investigations require proficiency in using various OSs and specialized tools. If you'd like to follow along, my setup includes three virtual machines: Windows 10, Ubuntu, and Kali Linux.

We'll be using the Linux and Windows command line a lot, and I encourage you to try them on your own as much as you can. Again, if you're unfamiliar with using the command line interface, don't get discouraged. You should still be able to follow the concepts and you will get good exposure out of the experience.

I intentionally made sure that the software we're using is mostly free or available as a trial version. Let's take a quick look at them. Wireshark is an open-source packet analyzer. Syslog-ng is a free log management tool for Unix/Linux OSs. Kiwi is a Syslog server made available by SolarWinds. Tcpdump and WinDump are open-source packet capture utilities. Fiddler and Squid are free HTTP proxy tools. Finally, Splunk is a commercial security information and event management, or SIEM, program.
- Goals of network forensics
- Using a syslog and Microsoft Log Parser
- Investigating network traffic
- How protocol analysis works
- ARP and DNS poisoning
- Working with network forensics tools
- Using packet sniffers
Skill Level Intermediate
What you should know (2m 11s)
1. Understanding Network Forensics
2. Preparing for a Network Forensics Investigation
3. Investigating Network Events
4. Investigating Network Traffic
5. Network Forensics Tools
Next steps (1m 15s)