Menu
  • Home
  • Radar Console
    • About the Radar
    • Go to Radar Console
    • Vulnerability Details
    • Overall Alerts
  • The Product Directory
    • About the Product Directory
  • CND Community
    • Contact Us
    • Blog
    • Packet Headers
    • Other Charts
    • Security Cartoons
  • Home
  • Radar Console
    • About the Radar
    • Go to Radar Console
    • Vulnerability Details
    • Overall Alerts
  • The Product Directory
    • About the Product Directory
  • CND Community
    • Contact Us
    • Blog
    • Packet Headers
    • Other Charts
    • Security Cartoons

Network Forensics

Computer-based evidence is widely accepted in courts of law and is increasingly a mainstay of success--even where the crime or dispute in question is not "high-tech." SANS has worked hard to train forensic analysts and investigators to acquire, process, and present computer-based evidence in court. Rather than focus on evidence retrieved from a hard drive, USB drive, or other static data storage devices, this course emphasizes acquisition and analysis of evidence on the move. Network equipment such as Web proxies, firewalls, IDS, routers, and even switches often contain evidence that can make or break a case. A great deal of evidence flows across the network but is never stored on a workstation or server hard drive. In this class, law enforcement and information security professionals will learn how to recover evidence from network-based devices in order to speed up investigations and build stronger cases. Students will learn practical methods for collecting network evidence through engaging, hands-on exercises. On the first day we will build a forensic monitoring server. During the following days we will use the forensic monitoring servers to collect network evidence from many network-based devices, including switches, routers, Web proxies, firewalls, and central logging servers. We will capture raw network traffic and carve files out of reconstructed packets. We will also discuss the challenges of encrypted sessions such as SSL tunnels and practice intercepting and reconstructing encrypted Web traffic. Finally, on the third day we will challenge students to respond to a realistic scenario. We will use our new tools to collect evidence from a virtual network and then present our case in the "court" of our peers. Through hands-on exercises, students will master the tools and techniques of network-based evidence acquisition, analysis, correlation, and reconstruction. Ultimately, students will present compelling pre-trial and courtroom testimony based on rigorously obtained evidence.
Rating
0 vote
Favoured:
0

Listing Details

Vendor
SANS
Website
Visit the Product Site
Pricing Model
Commercial
Modified
2011-01-13
Owner
michelemjordan
Add'l Info
Location - Worldwide Duration - 3 days
Created
2009-02-19
RecommendReport
  • Web Application FW +
  • Cloud Security Services
  • Static Code Analysis
  • Boundary Guards +
  • Network Anomoly Detection +
  • Scanning Products +
  • Network Access Control
  • Server Security Products +
  • Endpoint Security +
  • Forensic Solutions +
  • Malware Protection +
  • Patch Management +
  • Reputational Intelligence
  • Insider Threat Solutions
  • Phishing Assessment
  • Virtualisation Security
  • SIEM
  • Vulnerability Alert Services
  • Security Training +
    • - Ethical Hacking
    • - CISSP Training
    • - Virus Training
    • - Intro to Security
    • - Intrusion Detection
    • - Firewalls and VPNs
    • - Unix and Linux Training
    • - Windows Security
    • - Forensics Training
    • - Incident Response
    • - Database Security
    • - Web Server Security
    • - Wireless Security
    • - Programming Security
    • - Network Security
    • - UK University Programs +
    • - US University Programs +
  • Security Conferences
  • Password Managers
  • TSCM Bug Sweeping +
  • Geeky Gadgets
  • Visio Stencils
  • Uncategorised

CND Services - Assessing Your Security

  • Risk Assessment
  • Cyber Profile Assessment
  • Cyber Essentials
  • Vulnerability Assessment
  • Web App Scanning
  • Penetration Testing
  • Red Teaming
  • Phishing Assessment
  • Security Compliance
  • Firewall Audit
  • Forensic Readiness
  • vCISO
  • Aviation vCRSM
  • Maritime vCySO

CND Services - Preventing an Attack

  • Superyacht Cyber
  • Secure Cloud Configuration
  • Security Architecture
  • IDS & IPS
  • Blockchain Security
  • Data Loss Prevention
  • System Security Hardening
  • Insider Threat Prevention
  • Cisco Advanced Security
  • Vulnerability Management

CND Services - Detecting an Attack

  • Splunk Services
  • SIEM
  • XDR
  • MDR
  • EDR
  • Building a SOC
  • SOC Maturity
  • Staffing a SOC
  • Cloud Security Monitoring
  • Insider Threat Detection
  • GPG13 Protective Monitoring
  • Cyber Threat Intelligence
  • Branded Radar Console

CND Services - Responding to Incidents

  • Breach Triage
  • Incident Response
  • Incident Support
  • Breach Impact
  • Root Cause Analysis
  • Breach Remediation
  • Risk Assessment
  • Forensic Readiness
  • IR Planning

CND Services - Managed Security

  • Managed SOC
  • Managed Cyber Education
  • Managed Phishing Assessments
  • vCISO
  • Vulnerability Assessments
  • Vulnerability Management
  • XDR
  • MDR
  • EDR
  • Managed SIEM

CND Services - Superyacht Services

  • Complete IMO Cyber
  • Superyacht Intelligence
  • Cyber Assessment
  • Cyber Plan & Policies
  • Cyber Monitoring
  • Cyber Officer CySO
  • Maritime Blog

CND Services - Recruitment

   

© Computer Network Defence Limited 2023

Privacy Notice
Terms & Conditions
Send us a Message