Enumerating the Network Infrastructure as a Forensics Analyst
This course will teach you how to apply your theoretical knowledge of networking to both real-time and post-incident forensic analysis of network-based data.
What you'll learn
Cybercrime is a continual threat to any network, and having a strategy to prevent, protect and pursue is increasingly important. In this course, Enumerating the Network Infrastructure as a Forensics Analyst, you’ll learn how to apply the theoretical knowledge of TCP/IP and network-based protocols and devices to assist in the collection, analysis, and dissemination of network-based material and evidence as part of a forensic investigation. First, you’ll explore the key elements of TCP/IP and how they apply within the world of forensic investigation. Next, you’ll discover how your knowledge of physical and logical networking can help you find material quickly and efficiently. Finally, you’ll learn how to analyze network-based data and material to draw confident conclusions about events and incidents which may have occurred. When you’re finished with this course, you’ll have the skills and knowledge of enumerating the network infrastructure needed to collect, collate, and forensically analyze material from a wide range of sources, which will assist you in producing evidential reports, providing fast-time support to interviews, and supporting ongoing investigations.
Table of contents
Network forensics is the investigation of network traffic patterns and data captured in transit between computing devices. Network forensics can provide insight into the source and extent of an attack. It also can supplement investigations focused on information left behind on computer hard drives following an attack.
You should be familiar with the basic concepts of the OSI and TCP/IP models and some of the key networking protocols and devices in use on a modern network and be involved or interested in first response, incident handling, and digital forensics.
A network protocol is an established set of rules that determine how data is transmitted between different devices on the same network. Essentially, it allows connected devices to communicate with each other, regardless of any differences in their internal processes, structure or design. A network device is hardware that connects computers and peripherals such as printers or fax machines so they can share resources and files. Examples of network devices include switches, hubs, bridges, routers, gateways, modems, repeaters and access points.
The Internet works by using a protocol suite called TCP/IP, or Transmission Control Protocol/Internet Protocol. TCP/IP is the underlying communication language of the Internet. In basic terms, TCP/IP allows one computer to talk to another computer via the Internet by assembling data into packets and delivering them to the right location.
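To show what "applying TCP/IP knowledge to captured network data" looks like in practice, here is an added example (written for this page, not part of the course) that builds a constructed Ethernet II / IPv4 / TCP frame and then parses it the way a network forensics tool summarises a packet: link-layer addresses, the IP 5-tuple, TTL, TCP flags, payload length, and whether the IPv4 header checksum is intact. The MAC addresses and the RFC 5737 documentation IP addresses are constructed sample values; the field layouts follow the standard Ethernet, IPv4 and TCP headers.

```python
"""Build and parse a constructed Ethernet/IPv4/TCP frame (added example)."""
import struct
from ipaddress import IPv4Address

# TCP flag bits from the standard header, used to name the flags in a summary.
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
                  0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header.
    Over a header that already carries a valid checksum the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                flags: int, payload: bytes = b"") -> bytes:
    """Construct a sample frame (constructed test data, not a real capture)."""
    # TCP header: ports, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags,
                      65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4 header with checksum field zeroed, then filled in.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                     64, 6, 0, IPv4Address(src_ip).packed,
                     IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Ethernet II: constructed dst MAC, src MAC, EtherType 0x0800 (IPv4).
    eth = bytes.fromhex("00163e000002") + bytes.fromhex("00163e000001") + b"\x08\x00"
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Extract the fields an analyst records for each captured packet."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    ip_start = 14
    ihl = (frame[ip_start] & 0x0F) * 4          # header length in bytes
    ip_hdr = frame[ip_start:ip_start + ihl]
    (_, _, total_len, _, _, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    result = {
        "src_mac": src_mac.hex(":"),
        "dst_mac": dst_mac.hex(":"),
        "src_ip": str(IPv4Address(src)),
        "dst_ip": str(IPv4Address(dst)),
        "ttl": ttl,
        "protocol": proto,
        # A non-zero sum means the header was altered or corrupted in transit.
        "ip_checksum_ok": ipv4_checksum(ip_hdr) == 0,
    }
    if proto == 6:                               # TCP
        t = ip_start + ihl
        sport, dport, seq, _ack, off_res, flags = struct.unpack(
            "!HHIIBB", frame[t:t + 14])
        data_off = (off_res >> 4) * 4
        result.update({
            "sport": sport,
            "dport": dport,
            "seq": seq,
            "flags": [n for bit, n in sorted(TCP_FLAG_NAMES.items()) if flags & bit],
            "payload_len": total_len - ihl - data_off,
        })
    return result


if __name__ == "__main__":
    sample = build_frame("192.0.2.10", "198.51.100.5", 51515, 443, 0x02)
    for key, value in parse_frame(sample).items():
        print(f"{key:>16}: {value}")
```

The checksum test is the kind of integrity check worth recording alongside the 5-tuple: a capture full of packets whose IPv4 checksums fail is more likely a sign of a bad capture point or offloading artifact than of the traffic the investigation is about, and noting that early saves drawing conclusions from damaged data.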
A digital forensic investigator traces the footprints of the offender to extract digital artifacts. These pieces of evidence then help in retrieving useful data to support the legal proceedings. Usually, digital artifacts are found in computer files, emails and images, and on hard drives and other storage devices.