Cyber crimes are a continual threat to any network, and having a strategy to prevent, protect and pursue is increasingly important. In this course, Enumerating the Network Infrastructure as a Forensics Analyst, you’ll learn how to apply the theoretical knowledge of TCP/IP and network-based protocols and devices to assist in the collection, analysis, and dissemination of network-based material and evidence as part of a forensic investigation. First, you’ll explore the key elements of TCP/IP and how they apply within the world of forensic investigation. Next, you’ll discover how your knowledge of physical and logical networking can assist you in finding material quickly and efficiently. Finally, you’ll learn how to analyze network-based data and material to draw confident conclusions to events and incidents which may have occurred. When you’re finished with this course, you’ll have the skills and knowledge of enumerating the network infrastructure needed to collect, collate, and forensically analyze material from a wide range of sources which will assist you in producing evidential reports, fast time support to interview and supporting ongoing investigation.
What are Network Forensics?
Network forensics is the investigation of network traffic patterns and data captured in transit between computing devices. Network forensics can provide insight into the source and extent of an attack. It also can supplement investigations focused on information left behind on computer hard drives following an attack.
What prerequisites are needed for the Enumerating the Network Infrastructure as a Forensics Analyst course?
You should be familiar with the basic concepts of the OSI and TCP/IP models and some of the key networking protocols and devices in use on a modern network and be involved or interested in first response, incident handling, and digital forensics.
What are network protocols and devices?
A network protocol is an established set of rules that determine how data is transmitted between different devices in the same network. Essentially, it allows connected devices to communicate with each other, regardless of any differences in their internal processes, structure or design. The network device is one kind of device used to connect devices or computers together to transfer resources or files like fax machines or printers. Examples of network devices include switch, hub, bridge, router, gateway, modem, repeater & access point.
What is TCP/IP?
The Internet works by using a protocol called TCP/IP, or Transmission Control Protocol/Internet Protocol. TCP/IP is the underlying communication language of the Internet. In base terms, TCP/IP allows one computer to talk to another computer via the Internet through compiling packets of data and sending them to right location.
What does a digital forensic investigator do?
A digital forensic investigator backtracks the footprints of the lawbreaker to extract digital artifacts. These pieces of evidence then help in retrieving useful data to support the legal proceedings. Usually, digital artifacts consist of computer files, hard drives, emails, images, and other storage devices.
Phil Chapman is a senior instructor. He is responsible for the delivery of a range of courses including official Microsoft, CompTIA, EC Council and BCS official certifications. He is also the subject matter expert and project lead for the bespoke Law Enforcement Cyber Security training packages which are delivered to UK Law Enforcement agencies and forces.
Course Overview Hello everyone. My name is Phil Chapman, and welcome to my course, Digital Forensics: Enumerating the Network Infrastructure as a Forensic Analyst. I'm a senior instructor and cybercrime project lead at Firebrand Training UK, and for the past seven years, I've been involved in training UK law enforcement officers in cybercrime pursue, protect, and prevent strategies. This course will give you an insight into using your network infrastructure knowledge into the world of forensic analysis, and you should already be familiar with some foundation networking concepts before getting started. In this course, we're going to hone our knowledge of network infrastructures and protocols to use within the world of forensic investigation and analysis. Some of the major topics that we will cover include defining key network protocols for supporting an investigation, securing the infrastructure with layers of defense, comparing workgroups and domains and how they can affect an investigation, conducting a Wi‑Fi survey and considerations about wireless networking. By the end of this course, you'll know how to apply your theoretical knowledge of networking to both real‑time and post‑incident forensic analysis of network‑based data. Before beginning this course, you should be familiar with the basic concepts of the OSI and TCP/IP models and some of the key networking protocols and devices in use on a modern network and be involved or interested in first response, incident handling, and digital forensics. I hope you'll join me in this journey to learn network forensic analysis with the Digital Forensics: Enumerating the Network Infrastructure as a Forensic Analyst course, here at Pluralsight.