CNFE Certified Network Forensics Examiner
CLASS DATE(s):
8/10/2020 - 8/14/2020

COURSE LENGTH: 5 Days

COURSE COST: $3395

COURSE TIMES: 9:00am - 4:30pm


COURSE OVERVIEW

The Certified Network Forensics Examiner vendor-neutral certification was developed for a U.S. classified government agency. The C)NFE takes a digital and network forensic skill set to the next level by navigating through over twenty modules of network forensic topics.

The CNFE provides practical experience through our lab exercises, which simulate real-world scenarios covering investigation and recovery of data in a network, physical interception, traffic acquisition, analysis, wireless attacks, and Snort. The course focuses on centralizing and investigating logging systems as well as network devices.

AUDIENCE AND PREREQUISITES

Digital & Network Forensic Engineers
IS & IT managers
Network Auditors

  • Must have a Digital or Computer Forensics Certification or equivalent knowledge
  • 2 years of IT Security
  • Working knowledge of TCP/IP

PREREQUISITE COURSES  

Course will run as a live-virtual class unless a minimum enrollment is reached.

Exam Information: The Certified Network Forensics Examiner exam is taken online. The exam will take 2 hours, consist of 100 multiple-choice questions, and cost $400.

COURSE TOPICS:


Module 1 Digital Evidence Concepts
Overview
Concepts in Digital Evidence
Section Summary
Module Summary

Module 2 Network Evidence Challenges
Challenges Relating to Network Evidence
Section Summary
Module Summary

Module 3 Network Forensics Investigative Methodology
OSCAR Methodology
Section Summary
Module Summary

Module 4 Network-Based Evidence
Sources of Network-Based Evidence
Section Summary
Module Summary

Module 5 Network Principles
Background, History, & Functionality
FIGURE 5-1 The OSI Model
Encapsulation/De-encapsulation
FIGURE 5-2 OSI Model Encapsulation
FIGURE 5-3 OSI Model peer layer logical channels

Module 6 Internet Protocol Suite
Internet Protocol Suite

Module 7 Physical Interception
Physical Interception

Module 8 Traffic Acquisition Software
Libpcap (LIBPCAP) and WinPcap (WINPCAP)
BPF Language
TCPDUMP
WIRESHARK
TSHARK

Module 9 Live Acquisition
Common Interfaces
Inspection Without Access
Strategy

Module 10 Analysis
Protocol Analysis
Packet Analysis
Flow Analysis
Higher-Layer Traffic Analysis

Module 11 Layer 2 Protocol
The IEEE Layer 2 Protocol Series

Module 12 Wireless Access Points
Wireless Access Points (WAPs)

Module 13 Wireless Capture Traffic and Analysis
Wireless Traffic Capture and Analysis

Module 14 Wireless Attacks
Common Attacks

Module 15 NIDS_Snort

Module 16 Centralized Logging and Syslog
Sources of Logs
Network Log Architecture
Collecting and Analyzing Evidence

Module 17 Investigating Network Devices
Storage Media
Switches
Routers
Firewalls

Module 18 Web Proxies and Encryption
Web Proxy Functionality
Web Proxy Evidence
Web Proxy Analysis
Encrypted Web Traffic

Module 19 Network Tunneling
Tunneling for Functionality
Tunneling for Confidentiality
Covert Tunneling

Module 20 Malware Forensics
Trends in Malware Evolution