Certified Network Forensics Examiner : CNFE (Part1 of Part2)

Certification course

Rating: 4.40 (20 reviews)
Platform: Udemy
Language: English
Category: Network & Security
Students: 231
Content: 15.5 hours
Last update: Oct 2023
Regular price: $59.99

What you will learn

After successfully completing this course, the students shall be able to perform:

Cyber Defense Analysis

Incident Response

Cyber security Management

Systems Analysis

Vulnerability Assessment and Management

Description

This course was originally designed only for the U.S. Agency for Government Intelligence. The CNFE certification program is designed to prepare students to master true advanced networking forensics strategies through the use of open source laboratories in an exclusive cyber-range.

The CNFE takes digital and network forensic skills to the next level by navigating through over twenty network forensic theme modules.

The CNFE provides practical training through laboratory simulations that replicate real-world situations, including the inspection and recovery of network data, physical surveillance, information collection, analysis, wireless attacks and Snort.

The course focuses on the centralization and analysis of monitoring mechanisms and networking devices. SIGN UP NOW!

Content

Digital Evidence Concepts

Digital Evidence Concepts
Concepts in Digital Evidence
Overview
Background
Real Evidence
Best Evidence
Direct Evidence
Circumstantial Evidence
Hearsay
Business Records
Digital Evidence
Network-Based Digital Evidence
Section Summary
Section 1 Quiz

Network Evidence Challenges

Network Evidence Challenges
Challenges Relating to Network Evidence
Overview
Acquisition
Content
Storage
Privacy
Seizure
Admissibility
Section Summary
Section 2 Quiz

Network Forensics Investigative Methodology

Network Forensics Investigative Methodology
Oscar Methodology
Overview
Obtain Information
Obtain Information
Strategize
Strategize
Collect Evidence
Collect Evidence
Collect Evidence
Collect Evidence
Analyze
Analyze
Analyze
Analyze
Analyze
Analyze
Report
Section Summary
Section 3 Quiz

Network-Based Evidence

Network-Based Evidence
Sources of Network-Based Evidence
Overview
Background
Background
On the Wire
In the Air
Switches
Routers
DHCP Servers
Name Servers
Authentication Servers
Network Intrusion Detection/Prevention Systems
Firewalls
Web Proxies
Application Servers
Central Log Servers
A Quick Protocol Review
A Quick Protocol Review
Internet Protocol Suite Review
IPv4 vs IPv6
IPv4 vs IPv6
TCP vs UDP
TCP vs UDP
Section Summary
Section 4 Quiz

Network Principles

Network Principles
Principles of Internetworking
Overview
Background
History
Functionality
Figure 5-1 The OSI Model
Functionality
Functionality
Encapsulation/De-encapsulation
Encapsulation/De-encapsulation
Figure 5-2 OSI Model Encapsulation
Encapsulation/De-encapsulation
Encapsulation/De-encapsulation
Encapsulation/De-encapsulation
Figure 5-3 OSI Model Peer Layer Logical Channels
Encapsulation/De-encapsulation
Figure 5-4 OSI Model Data Names
Section Summary
Section 5 Quiz

Internet Protocol Suite

Internet Protocol Suite
Overview
Background
History of Internet Protocol Suite
Application Layer
Application Layer Examples
Transport Layer
Layer 4 Protocols
Internet Layer
Network Access Layer
Comparing the OSI Model and TCP/IP Model
Similarities of the OSI and TCP/IP Models
Differences of the OSI and TCP/IP Models
Internet Architecture
IPv4
IP Address as a 32-Bit Binary Number
Binary and Decimal Conversion
IP Address Classes
IP Address Classes
IP Addresses as Decimal Numbers
Hosts for Classes of IP Addresses
IP Addresses as Decimal Numbers
Network IDs and Broadcast Addresses
Private Addresses
Reserved Address Space
Basics of Subnetting
Subnetworks
Subnetworks
Subnet Mask
Subnet Mask
IPv6
IPv4 versus IPv6
Transmission Control Protocol
User Datagram Protocol
ARP
ARP Operation Within a Subnet
ARP Process
Advanced ARP Concepts
Default Gateway
How ARP Sends Data to Remote Networks
Proxy ARP
Section Summary
Section 6 Quiz

Physical Interception

Physical Interception
Overview
Goal
Background
Pigeon Sniffing
Cables
Copper
Optical
Radio Frequency
Information that Can Be Gained from Wi-Fi Traffic
Inline Network Tap
Vampire Tap
Radio Frequency
Radio Frequency
Hubs
Switches
Obtaining Traffic from Switches
Sniffing on Switches
Section Summary
Section 7 Quiz

Traffic Acquisition Software

Traffic Acquisition Software
Agenda
Libpcap and WinPcap
Background
Libpcap - Introduction
Installing Libpcap using the RPMs
Installing Libpcap using the RPMs
Installing Libpcap from the Source Files
Installing Libpcap from the Source Files (Configure)
Installing Libpcap from the Source Files (Make/Make Install)
WinPcap - Introduction
Installing WinPcap
Section Summary
The Berkeley Packet Filter (BPF) Language
Overview
Background
BPF Primitives
Filtering Packets by Byte Value
Examples
Filtering Packets by Bit Value
Filtering Packets by Bit Value
Section Summary
Tcpdump
Overview
Background
Basics
Basics
Installing tcpdump (Windows Installation)
Installing tcpdump (Windows Installation)
Installing tcpdump (Linux Installation)
Installing tcpdump (Linux Installation)
Installing tcpdump (Linux Installation)
Filtering Packets with tcpdump
Filtering Packets with tcpdump
Section Summary
Wireshark
Overview
Background
Installing Wireshark
Installing Wireshark (Microsoft Windows Systems)
Installing Wireshark (Linux Systems)
Wireshark Protocol Analyzer
Section Summary
Tshark
Overview
Background
Examples of tshark
Statistics
Examples
Section Summary
Section 8 Quiz

Live Acquisition

Live Acquisition
Agenda
Common Interfaces
Overview
Background
Console
Secure Shell (SSH)
Secure Copy (SCP) and SFTP
Telnet
Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP)
Web and Proprietary Interfaces
Section Summary
Inspection without Access
Overview
Background
Port Scanning
Vulnerability Scanning
Section Summary
Strategy
Overview
Refrain
Connect
Record the Time
Collect Evidence
Record Investigative Activities
Section Summary
Section 9 Quiz

Layer 2 Protocol

Layer 2 Protocol
The IEEE Layer 2 Protocol Series
Overview
Background
Layer 2 Protocols
CSMA/CD
CSMA/CD
802.11 Protocol Suite: Frame Types
802.11 Protocol Suite: Frame Types (Management Frames)
802.11 Protocol Suite: Frame Types (Management Frames)
802.11 Protocol Suite: Frame Types (Control Frames)
802.11 Protocol Suite: Frame Types (Data Frames)
802.11 Protocol Suite: Frame Analysis
802.11 Protocol Suite: Network-Byte Order
802.11 Protocol Suite: Endianness
802.11 Protocol Suite: Network-Byte Order
802.11 Protocol Suite: Wired Equivalent Privacy
802.11 Protocol Suite: Wired Equivalent Privacy
An 802.11 Packet Capture Displayed in Wireshark
802.1X
Section Summary
Section 10 Quiz

Protocol Analysis

Protocol Analysis
Agenda
Protocol Analysis
Overview
Background
Tools
Tools
Tools
Techniques
Section Summary
Packet Analysis
Agenda
Fundamentals and Challenges
Protocol Analysis
Documentation
Protocol Analysis Tools
Packet Details Markup Language and Packet Summary Markup Language
Packet Details Markup Language and Packet Summary Markup Language
Packet Details Markup Language and Packet Summary Markup Language
Wireshark
Wireshark Display
Tshark
Tshark Display
Protocol Analysis Techniques
Protocol Identification
Protocol Decoding
Exporting Fields
Defined
Packet Analysis Tools
Wireshark and Tshark Display Filters
ngrep
Hex Editors
Packet Analysis Techniques
Pattern Matching
Parsing Protocol Fields
Packet Filtering
Section Summary
Flow Analysis
Agenda
Overview
Background
Defined
Tools
Follow TCP Stream
Tools
Flow Analysis Techniques
Lists Conversations and Flows
List TCP Flows
Export Flow
Manual File and Data Carving
Automatic File Carving
Higher-Layer Traffic Analysis
HTTP
DHCP
SMTP
DNS
Higher-Layer Analysis Tools
Higher-Layer Analysis Tools
Section Summary
Section 11 Quiz

Wireless Access Points

Wireless Access Points
Overview
Background
Background
Background
Background
Background
Why Investigate WAPs?
Types of WAPs
Types of WAPs
Types of WAPs
Volatile Data and Persistent Data
Section Summary
Section 12 Quiz

Wireless Traffic Capture and Analysis

Wireless Traffic Capture and Analysis
Overview
Spectrum Analysis
Spectrum Analysis
Spectrum Analysis
Wireless Passive Evidence Acquisition
Wireless Passive Evidence Acquisition
Wireless Passive Evidence Acquisition
Analyzing 802.11 Efficiently
Section Summary
Section 13 Quiz

NIDS/Snort

NIDS/Snort
Agenda
Investigating NIDS/NIPS and NIDS/NIPS Functionality
Overview
Background
Sniffing
Higher-Layer Protocols Awareness
Alerting on Suspicious Bits
Section Summary
NIDS/NIPS Evidence Acquisition
Overview
Background
Types of Evidence: Configuration
Types of Evidence: Alert Data
Types of Evidence: Packet Header/Content Data
Types of Evidence: Activities Correlated Across Multiple Sensors
NIDS/NIPS Interfaces
Section Summary
Comprehensive Packet Logging
Overview
Background
Background
Evidence
Section Summary
Snort
Overview
Background
Basic Architecture
Snort File Locations
Snort Rule Language
Snort Rules
Section Summary
Section 14 Quiz

Centralized Logging and Syslog

Centralized Logging and Syslog
Agenda
Sources of Logs
Overview
Operating System Logs
Operating System Logs
Operating System Logs
Operating System Logs
Operating System Logs
Application Logs
Application Logs
Physical Device Logs
Network Devices
Section Summary
Network Log Architecture
Overview
Three Types of Logging Architectures
Three Types of Logging Architectures
Three Types of Logging Architectures
Remote Logging: Common Pitfalls and Strategies
Remote Logging: Common Pitfalls and Strategies
Remote Logging: Common Pitfalls and Strategies
Remote Logging: Common Pitfalls and Strategies
Log Aggregation and Analysis Tools
Log Aggregation and Analysis Tools
Section Summary
Collecting and Analyzing Evidence
Overview
Obtain Information
Obtain Information
Obtain Information
Strategize
Strategize
Strategize
Strategize
Collect Evidence
Collect Evidence
Collect Evidence
Collect Evidence
Analyze
Report
Section Summary
Section 15 Quiz

Investigating Network Devices

Investigating Network Devices
Agenda
Storage Media
Overview
Background
DRAM (Dynamic Random-Access Memory)
CAM (Content-Addressable Memory)
NVRAM (Non-Volatile Random-Access Memory)
Hard Drive
ROM
Section Summary
Switches
Overview
Background
CAM Tables (Content-Addressable Memory)
ARP
Types of Switches
Types of Switches
Switch Evidence
Section Summary
Routers
Overview
Background
Types of Routers
Router Evidence
Section Summary
Firewalls
Overview
Background
Types of Firewalls
Types of Firewalls
Firewall Evidence
Section Summary
Section 16 Quiz

Web Proxies and Encryption

Web Proxies and Encryption
Agenda
Web Proxy Functionality
Overview
WAP Attacks
Caching
URI Filtering
Content Filtering
Section Summary
Web Proxy Evidence
Overview
Background
Types of Evidence
Obtaining Evidence
Section Summary
Web Proxy Analysis
Overview
Background
Log Analysis Tools
Log Analysis Tools
Log Analysis Tools
Log Analysis Tools
Section Summary
Encrypted Web Traffic
Overview
Background
Transport Layer Security (TLS)
Gaining Access to Encrypted Content
Section 17 Quiz

Network Tunneling

Network Tunneling
Tunneling for Functionality
Overview
VLAN Trunking
Inter-Switch Link (ISL)
Generic Routing Encapsulation (GRE)
IPv4 over IPv6 with Teredo
Implications for the Investigator
Section Summary
Tunneling for Confidentiality
Overview
Background
Internet Protocol Security (IPsec)
TLS/SSL
Implications for the Investigator
Section Summary
Covert Tunneling
Overview
Covert Tunneling Strategies
TCP Sequence Numbers
DNS Tunnels
Implications for the Investigator
Section 18 Quiz

Malware Forensics

Malware Forensics
Trends in Malware Evolution
Overview
Background
Botnets
Encryption and Obfuscation
Distributed Command-and-Control Systems
Automatic Self-Updates
Metamorphic Network Behavior
Section Summary
Section 19 Quiz


Reviews

Evan
October 19, 2023
So far I have listened to 15 hours of lecture, and I am no closer to being able to locate logs, analyze logs, collect network data, or do any of the things the course says I'm supposed to be able to do as a CNFE.

Udemy ID: 3226813
Course created date: 6/11/2020
Course indexed date: 11/21/2020
Course submitted by: Bot