FIVE   |   ELEVEN   |   90%   |   40

        SCENARIOS                      LABS                          HANDS-ON           DURATION

Network forensics training is about the analysis of network traffic to identify intrusions or anomalous activity. Compared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable and therefore requires a different approach. This course sets the groundwork of understanding networks and the investigation process on them.

LAB 01

Firewall Configuration

LAB 02

Packet Analysis

LAB 03

Working with Tshark

LAB 04

Network Attacks

LAB 05

Network File Carving

LAB 06

Network Files Carving from Memory

LAB 07

Decrypting Encrypted Traffic

LAB 08

Working with Zeek

LAB 09

VoIP Traffic Analysis

LAB 10

Automation with Sysmon

LAB 11

Building Network Security Tools

Scenario: NF001

One of the biggest web-hosting companies had suffered a massive data leak; Attackers spotted a security flow in one of the documents. The network manager requires your assistance to record and analyze the still going events to discover the source of the breach.


Scenario: NF002

Recently a group of hackers managed to trick a group of private firms into sending them a vast amount of money by faking an investment website; the firms were sure that they are investing in start-ups while, in reality, they were sending money to the attackers. The SOC Team managed to capture the data transmitted between the groups. Your job is to analyze the network traffic and find the hackers.


Scenario: NF003

Recently, a notorious trojan managed to spread to new victims that are connected to nearby Wi-Fi networks using already infected devices. A Cybersecurity firm managed to spot a new spreading attempt and is requesting your help to analyze the network to trace the source of the infection.


Scenario: NF004

A network of compromised Linux servers has grown so powerful that it can blow big websites off the Internet by launching crippling DDoS of over 150 gigabits per second (Gbps). Your mission is to investigate the process of DDoS and find a way to block it.


Scenario: NF005

A researcher team at a network management company spotted suspicious traffic at his networks which seems to be delivering files from the network to an unknown host. The researcher team has recorded the suspicious traffic and is asking for your help to analyze it and report your findings back to them.  

  • White LinkedIn Icon
  • White Facebook Icon

Ze'ev Jabotinsky St 7,
Ramat Gan, IL.

© 2020 by ThinkCyber