Certified Network Forensics Examiner: CNFE (Part 1 of 2)

Posted By: ELK1nG

Last updated 6/2020
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 5.28 GB | Duration: 14h 26m

Certification course

What you'll learn

After successfully completing this course, students will have gained competencies in the following areas:

Cyber Defense Analysis

Incident Response

Cybersecurity Management

Systems Analysis

Vulnerability Assessment and Management

Requirements

Must have a Digital or Computer Forensics Certification or equivalent knowledge

Working Knowledge of TCP / IP

Description

This course was originally designed only for the U.S. Agency for Government Intelligence. The CNFE certification program is designed to prepare students to master true advanced network forensics strategies through the use of open source laboratories in an exclusive cyber range. The CNFE takes digital and network forensic skills to the next level by navigating through over twenty network forensic theme modules. The CNFE provides practical training through our laboratory simulations, which replicate real-world situations that include the inspection and recovery of network data, physical surveillance, information collection, analysis, wireless attacks and SNORT. The course focuses on the centralization and analysis of monitoring mechanisms and networking devices. SIGN UP NOW!

Overview

Section 1: Digital Evidence Concepts

Lecture 1 Digital Evidence Concepts

Lecture 2 Concepts in Digital Evidence

Lecture 3 Overview

Lecture 4 Background

Lecture 5 Real Evidence

Lecture 6 Best Evidence

Lecture 7 Direct Evidence

Lecture 8 Circumstantial Evidence

Lecture 9 Hearsay

Lecture 10 Business Records

Lecture 11 Digital Evidence

Lecture 12 Network-Based Digital Evidence

Lecture 13 Section Summary

Section 2: Network Evidence Challenges

Lecture 14 Network Evidence Challenges

Lecture 15 Challenges Relating to Network Evidence

Lecture 16 Overview

Lecture 17 Acquisition

Lecture 18 Content

Lecture 19 Storage

Lecture 20 Privacy

Lecture 21 Seizure

Lecture 22 Admissibility

Lecture 23 Section Summary

Section 3: Network Forensics Investigative Methodology

Lecture 24 Network Forensics Investigative Methodology

Lecture 25 Oscar Methodology

Lecture 26 Overview

Lecture 27 Obtain Information

Lecture 28 Obtain Information

Lecture 29 Strategize

Lecture 30 Strategize

Lecture 31 Collect Evidence

Lecture 32 Collect Evidence

Lecture 33 Collect Evidence

Lecture 34 Collect Evidence

Lecture 35 Analyze

Lecture 36 Analyze

Lecture 37 Analyze

Lecture 38 Analyze

Lecture 39 Analyze

Lecture 40 Analyze

Lecture 41 Report

Lecture 42 Section Summary

Section 4: Network-Based Evidence

Lecture 43 Network-Based Evidence

Lecture 44 Sources of Network-Based Evidence

Lecture 45 Overview

Lecture 46 Background

Lecture 47 Background

Lecture 48 On the Wire

Lecture 49 In the Air

Lecture 50 Switches

Lecture 51 Routers

Lecture 52 DHCP Servers

Lecture 53 Name Servers

Lecture 54 Authentication Servers

Lecture 55 Network Intrusion Detection/Prevention Systems

Lecture 56 Firewalls

Lecture 57 Web Proxies

Lecture 58 Application Servers

Lecture 59 Central Log Servers

Lecture 60 A Quick Protocol Review

Lecture 61 A Quick Protocol Review

Lecture 62 Internet Protocol Suite Review

Lecture 63 IPv4 vs IPv6

Lecture 64 IPv4 vs IPv6

Lecture 65 TCP vs UDP

Lecture 66 TCP vs UDP

Lecture 67 Section Summary

Section 5: Network Principles

Lecture 68 Network Principles

Lecture 69 Principles of Internetworking

Lecture 70 Overview

Lecture 71 Background

Lecture 72 History

Lecture 73 Functionality

Lecture 74 Figure 5-1 The OSI Model

Lecture 75 Functionality

Lecture 76 Functionality

Lecture 77 Encapsulation/De-encapsulation

Lecture 78 Encapsulation/De-encapsulation

Lecture 79 Figure 5-2 OSI Model Encapsulation

Lecture 80 Encapsulation/De-encapsulation

Lecture 81 Encapsulation/De-encapsulation

Lecture 82 Encapsulation/De-encapsulation

Lecture 83 Figure 5-3 OSI Model Peer Layer Logical Channels

Lecture 84 Encapsulation/De-encapsulation

Lecture 85 Figure 5-4 OSI Model Data Names

Lecture 86 Section Summary

Section 6: Internet Protocol Suite

Lecture 87 Internet Protocol Suite

Lecture 88 Overview

Lecture 89 Background

Lecture 90 History of Internet Protocol Suite

Lecture 91 Application Layer

Lecture 92 Application Layer Examples

Lecture 93 Transport Layer

Lecture 94 Layer 4 Protocols

Lecture 95 Internet Layer

Lecture 96 Network Access Layer

Lecture 97 Comparing the OSI Model and TCP/IP Model

Lecture 98 Similarities of the OSI and TCP/IP Models

Lecture 99 Differences of the OSI and TCP/IP Models

Lecture 100 Internet Architecture

Lecture 101 IPv4

Lecture 102 IP Address as a 32-Bit Binary Number

Lecture 103 Binary and Decimal Conversion

Lecture 104 IP Address Classes

Lecture 105 IP Address Classes

Lecture 106 IP Addresses as Decimal Numbers

Lecture 107 Hosts for Classes of IP Addresses

Lecture 108 IP Addresses as Decimal Numbers

Lecture 109 Network IDs and Broadcast Addresses

Lecture 110 Private Addresses

Lecture 111 Reserved Address Space

Lecture 112 Basics of Subnetting

Lecture 113 Subnetworks

Lecture 114 Subnetworks

Lecture 115 Subnet Mask

Lecture 116 Subnet Mask

Lecture 117 IPv6

Lecture 118 IPv4 versus IPv6

Lecture 119 Transmission Control Protocol

Lecture 120 User Datagram Protocol

Lecture 121 ARP

Lecture 122 ARP Operation Within a Subnet

Lecture 123 ARP Process

Lecture 124 Advanced ARP Concepts

Lecture 125 Default Gateway

Lecture 126 How ARP Sends Data to Remote Networks

Lecture 127 Proxy ARP

Lecture 128 Section Summary

Section 7: Physical Interception

Lecture 129 Physical Interception

Lecture 130 Overview

Lecture 131 Goal

Lecture 132 Background

Lecture 133 Pigeon Sniffing

Lecture 134 Cables

Lecture 135 Copper

Lecture 136 Optical

Lecture 137 Radio Frequency

Lecture 138 Information that Can Be Gained from Wi-Fi Traffic

Lecture 139 Inline Network Tap

Lecture 140 Vampire Tap

Lecture 141 Radio Frequency

Lecture 142 Radio Frequency

Lecture 143 Hubs

Lecture 144 Switches

Lecture 145 Obtaining Traffic from Switches

Lecture 146 Sniffing on Switches

Lecture 147 Section Summary

Section 8: Traffic Acquisition Software

Lecture 148 Traffic Acquisition Software

Lecture 149 Agenda

Lecture 150 Libpcap and WinPcap

Lecture 151 Background

Lecture 152 Libpcap - Introduction

Lecture 153 Installing Libpcap using the RPMs

Lecture 154 Installing Libpcap using the RPMs

Lecture 155 Installing Libpcap from the Source Files

Lecture 156 Installing Libpcap from the Source Files (Configure)

Lecture 157 Installing Libpcap from the Source Files (Make/Make Install)

Lecture 158 WinPcap - Introduction

Lecture 159 Installing WinPcap

Lecture 160 Section Summary

Lecture 161 The Berkeley Packet Filter (BPF) Language

Lecture 162 Overview

Lecture 163 Background

Lecture 164 BPF Primitives

Lecture 165 Filtering Packets by Byte Value

Lecture 166 Examples

Lecture 167 Filtering Packets by Bit Value

Lecture 168 Filtering Packets by Bit Value

Lecture 169 Section Summary

Lecture 170 Tcpdump

Lecture 171 Overview

Lecture 172 Background

Lecture 173 Basics

Lecture 174 Basics

Lecture 175 Installing tcpdump (Windows Installation)

Lecture 176 Installing tcpdump (Windows Installation)

Lecture 177 Installing tcpdump (Linux Installation)

Lecture 178 Installing tcpdump (Linux Installation)

Lecture 179 Installing tcpdump (Linux Installation)

Lecture 180 Filtering Packets with tcpdump

Lecture 181 Filtering Packets with tcpdump

Lecture 182 Section Summary

Lecture 183 Wireshark

Lecture 184 Overview

Lecture 185 Background

Lecture 186 Installing Wireshark

Lecture 187 Installing Wireshark (Microsoft Windows Systems)

Lecture 188 Installing Wireshark (Linux Systems)

Lecture 189 Wireshark Protocol Analyzer

Lecture 190 Section Summary

Lecture 191 Tshark

Lecture 192 Overview

Lecture 193 Background

Lecture 194 Examples of tshark

Lecture 195 Statistics

Lecture 196 Examples

Lecture 197 Section Summary

Section 9: Live Acquisition

Lecture 198 Live Acquisition

Lecture 199 Agenda

Lecture 200 Common Interfaces

Lecture 201 Overview

Lecture 202 Background

Lecture 203 Console

Lecture 204 Secure Shell (SSH)

Lecture 205 Secure Copy (SCP) and SFTP

Lecture 206 Telnet

Lecture 207 Simple Network Management Protocol (SNMP)

Lecture 208 Simple Network Management Protocol (SNMP)

Lecture 209 Web and Proprietary Interfaces

Lecture 210 Section Summary

Lecture 211 Inspection without Access

Lecture 212 Overview

Lecture 213 Background

Lecture 214 Port Scanning

Lecture 215 Vulnerability Scanning

Lecture 216 Section Summary

Lecture 217 Strategy

Lecture 218 Overview

Lecture 219 Refrain

Lecture 220 Connect

Lecture 221 Record the Time

Lecture 222 Collect Evidence

Lecture 223 Record Investigative Activities

Lecture 224 Section Summary

Section 10: Layer 2 Protocol

Lecture 225 Layer 2 Protocol

Lecture 226 The IEEE Layer 2 Protocol Series

Lecture 227 Overview

Lecture 228 Background

Lecture 229 Layer 2 Protocols

Lecture 230 CSMA/CD

Lecture 231 CSMA/CD

Lecture 232 802.11 Protocol Suite: Frame Types

Lecture 233 802.11 Protocol Suite: Frame Types (Management Frames)

Lecture 234 802.11 Protocol Suite: Frame Types (Management Frames)

Lecture 235 802.11 Protocol Suite: Frame Types (Control Frames)

Lecture 236 802.11 Protocol Suite: Frame Types (Data Frames)

Lecture 237 802.11 Protocol Suite: Frame Analysis

Lecture 238 802.11 Protocol Suite: Network-Byte Order

Lecture 239 802.11 Protocol Suite: Endianness

Lecture 240 802.11 Protocol Suite: Network-Byte Order

Lecture 241 802.11 Protocol Suite: Wired Equivalent Privacy

Lecture 242 802.11 Protocol Suite: Wired Equivalent Privacy

Lecture 243 An 802.11 Packet Capture Displayed in Wireshark

Lecture 244 802.1X

Lecture 245 Section Summary

Section 11: Protocol Analysis

Lecture 246 Protocol Analysis

Lecture 247 Agenda

Lecture 248 Protocol Analysis

Lecture 249 Overview

Lecture 250 Background

Lecture 251 Tools

Lecture 252 Tools

Lecture 253 Tools

Lecture 254 Techniques

Lecture 255 Section Summary

Lecture 256 Packet Analysis

Lecture 257 Agenda

Lecture 258 Fundamentals and Challenges

Lecture 259 Protocol Analysis

Lecture 260 Documentation

Lecture 261 Protocol Analysis Tools

Lecture 262 Packet Details Markup Language and Packet Summary Markup Language

Lecture 263 Packet Details Markup Language and Packet Summary Markup Language

Lecture 264 Packet Details Markup Language and Packet Summary Markup Language

Lecture 265 Wireshark

Lecture 266 Wireshark Display

Lecture 267 Tshark

Lecture 268 Tshark Display

Lecture 269 Protocol Analysis Techniques

Lecture 270 Protocol Identification

Lecture 271 Protocol Decoding

Lecture 272 Exporting Fields

Lecture 273 Defined

Lecture 274 Packet Analysis Tools

Lecture 275 Wireshark and Tshark Display Filters

Lecture 276 ngrep

Lecture 277 Hex Editors

Lecture 278 Packet Analysis Techniques

Lecture 279 Pattern Matching

Lecture 280 Parsing Protocol Fields

Lecture 281 Packet Filtering

Lecture 282 Section Summary

Lecture 283 Flow Analysis

Lecture 284 Agenda

Lecture 285 Overview

Lecture 286 Background

Lecture 287 Defined

Lecture 288 Tools

Lecture 289 Follow TCP Stream

Lecture 290 Tools

Lecture 291 Flow Analysis Techniques

Lecture 292 List Conversations and Flows

Lecture 293 List TCP Flows

Lecture 294 Export Flow

Lecture 295 Manual File and Data Carving

Lecture 296 Automatic File Carving

Lecture 297 Higher-Layer Traffic Analysis

Lecture 298 HTTP

Lecture 299 DHCP

Lecture 300 SMTP

Lecture 301 DNS

Lecture 302 Higher-Layer Analysis Tools

Lecture 303 Higher-Layer Analysis Tools

Lecture 304 Section Summary

Section 12: Wireless Access Points

Lecture 305 Wireless Access Points

Lecture 306 Overview

Lecture 307 Background

Lecture 308 Background

Lecture 309 Background

Lecture 310 Background

Lecture 311 Background

Lecture 312 Why Investigate WAPs?

Lecture 313 Types of WAPs

Lecture 314 Types of WAPs

Lecture 315 Types of WAPs

Lecture 316 Volatile Data and Persistent Data

Lecture 317 Section Summary

Section 13: Wireless Traffic Capture and Analysis

Lecture 318 Wireless Traffic Capture and Analysis

Lecture 319 Overview

Lecture 320 Spectrum Analysis

Lecture 321 Spectrum Analysis

Lecture 322 Spectrum Analysis

Lecture 323 Wireless Passive Evidence Acquisition

Lecture 324 Wireless Passive Evidence Acquisition

Lecture 325 Wireless Passive Evidence Acquisition

Lecture 326 Analyzing 802.11 Efficiently

Lecture 327 Section Summary

Section 14: NIDS/Snort

Lecture 328 NIDS/Snort

Lecture 329 Agenda

Lecture 330 Investigating NIDS/NIPS and NIDS/NIPS Functionality

Lecture 331 Overview

Lecture 332 Background

Lecture 333 Sniffing

Lecture 334 Higher-Layer Protocols Awareness

Lecture 335 Alerting on Suspicious Bits

Lecture 336 Section Summary

Lecture 337 NIDS/NIPS Evidence Acquisition

Lecture 338 Overview

Lecture 339 Background

Lecture 340 Types of Evidence: Configuration

Lecture 341 Types of Evidence: Alert Data

Lecture 342 Types of Evidence: Packet Header/Content Data

Lecture 343 Types of Evidence: Activities Correlated Across Multiple Sensors

Lecture 344 NIDS/NIPS Interfaces

Lecture 345 Section Summary

Lecture 346 Comprehensive Packet Logging

Lecture 347 Overview

Lecture 348 Background

Lecture 349 Background

Lecture 350 Evidence

Lecture 351 Section Summary

Lecture 352 Snort

Lecture 353 Overview

Lecture 354 Background

Lecture 355 Basic Architecture

Lecture 356 Snort File Locations

Lecture 357 Snort Rule Language

Lecture 358 Snort Rules

Lecture 359 Section Summary

Section 15: Centralized Logging and Syslog

Lecture 360 Centralized Logging and Syslog

Lecture 361 Agenda

Lecture 362 Sources of Logs

Lecture 363 Overview

Lecture 364 Operating System Logs

Lecture 365 Operating System Logs

Lecture 366 Operating System Logs

Lecture 367 Operating System Logs

Lecture 368 Operating System Logs

Lecture 369 Application Logs

Lecture 370 Application Logs

Lecture 371 Physical Device Logs

Lecture 372 Network Devices

Lecture 373 Section Summary

Lecture 374 Network Log Architecture

Lecture 375 Overview

Lecture 376 Three Types of Logging Architectures

Lecture 377 Three Types of Logging Architectures

Lecture 378 Three Types of Logging Architectures

Lecture 379 Remote Logging: Common Pitfalls and Strategies

Lecture 380 Remote Logging: Common Pitfalls and Strategies

Lecture 381 Remote Logging: Common Pitfalls and Strategies

Lecture 382 Remote Logging: Common Pitfalls and Strategies

Lecture 383 Log Aggregation and Analysis Tools

Lecture 384 Log Aggregation and Analysis Tools

Lecture 385 Section Summary

Lecture 386 Collecting and Analyzing Evidence

Lecture 387 Overview

Lecture 388 Obtain Information

Lecture 389 Obtain Information

Lecture 390 Obtain Information

Lecture 391 Strategize

Lecture 392 Strategize

Lecture 393 Strategize

Lecture 394 Strategize

Lecture 395 Collect Evidence

Lecture 396 Collect Evidence

Lecture 397 Collect Evidence

Lecture 398 Collect Evidence

Lecture 399 Analyze

Lecture 400 Report

Lecture 401 Section Summary

Section 16: Investigating Network Devices

Lecture 402 Investigating Network Devices

Lecture 403 Agenda

Lecture 404 Storage Media

Lecture 405 Overview

Lecture 406 Background

Lecture 407 DRAM (Dynamic Random-Access Memory)

Lecture 408 CAM (Content-Addressable Memory)

Lecture 409 NVRAM (Non-Volatile Random-Access Memory)

Lecture 410 Hard Drive

Lecture 411 ROM

Lecture 412 Section Summary

Lecture 413 Switches

Lecture 414 Overview

Lecture 415 Background

Lecture 416 CAM Tables (Content-Addressable Memory)

Lecture 417 ARP

Lecture 418 Types of Switches

Lecture 419 Types of Switches

Lecture 420 Switch Evidence

Lecture 421 Section Summary

Lecture 422 Routers

Lecture 423 Overview

Lecture 424 Background

Lecture 425 Types of Routers

Lecture 426 Router Evidence

Lecture 427 Section Summary

Lecture 428 Firewalls

Lecture 429 Overview

Lecture 430 Background

Lecture 431 Types of Firewalls

Lecture 432 Types of Firewalls

Lecture 433 Firewall Evidence

Lecture 434 Section Summary

Section 17: Web Proxies and Encryption

Lecture 435 Web Proxies and Encryption

Lecture 436 Agenda

Lecture 437 Web Proxy Functionality

Lecture 438 Overview

Lecture 439 WAP Attacks

Lecture 440 Caching

Lecture 441 URI Filtering

Lecture 442 Content Filtering

Lecture 443 Section Summary

Lecture 444 Web Proxy Evidence

Lecture 445 Overview

Lecture 446 Background

Lecture 447 Types of Evidence

Lecture 448 Obtaining Evidence

Lecture 449 Section Summary

Lecture 450 Web Proxy Analysis

Lecture 451 Overview

Lecture 452 Background

Lecture 453 Log Analysis Tools

Lecture 454 Log Analysis Tools

Lecture 455 Log Analysis Tools

Lecture 456 Log Analysis Tools

Lecture 457 Section Summary

Lecture 458 Encrypted Web Traffic

Lecture 459 Overview

Lecture 460 Background

Lecture 461 Transport Layer Security (TLS)

Lecture 462 Gaining Access to Encrypted Content

Section 18: Network Tunneling

Lecture 463 Network Tunneling

Lecture 464 Tunneling for Functionality

Lecture 465 Overview

Lecture 466 VLAN Trunking

Lecture 467 Inter-Switch Link (ISL)

Lecture 468 Generic Routing Encapsulation (GRE)

Lecture 469 IPv4 over IPv6 with Teredo

Lecture 470 Implications for the Investigator

Lecture 471 Section Summary

Lecture 472 Tunneling for Confidentiality

Lecture 473 Overview

Lecture 474 Background

Lecture 475 Internet Protocol Security (IPsec)

Lecture 476 TLS/SSL

Lecture 477 Implications for the Investigator

Lecture 478 Section Summary

Lecture 479 Covert Tunneling

Lecture 480 Overview

Lecture 481 Covert Tunneling Strategies

Lecture 482 TCP Sequence Numbers

Lecture 483 DNS Tunnels

Lecture 484 Implications for the Investigator

Section 19: Malware Forensics

Lecture 485 Malware Forensics

Lecture 486 Trends in Malware Evolution

Lecture 487 Overview

Lecture 488 Background

Lecture 489 Botnets

Lecture 490 Encryption and Obfuscation

Lecture 491 Distributed Command-and-Control Systems

Lecture 492 Automatic Self-Updates

Lecture 493 Metamorphic Network Behavior

Lecture 494 Section Summary

Who this course is for

IT professionals who want to advance their network investigative and incident response handling policies, procedures and techniques.