Packet Analysis for Incident Response

Intermediate • Two-Day Instructor-Led Course

As a first responder in an incident response scenario, the collection and analysis of volatile data is critical. One of the best volatile data sources for insight into the current breach situation is network traffic. Analysis of traffic from a compromised network can yield artifacts ranging from the origin of the attack to the overall scope of the incident. This two-day course gives students the opportunity to learn different strategies for network traffic capture and packet analysis through hands-on activities and scenarios.

During this two-day class, participants will review the following:

- Packet Analysis Theory
- Packet Captures
- Packet Analysis Process
- Data Analysis from Packet Captures
  - Protocols
  - Common Traffic
  - Multiple Capture Sources
- Introduction to Network Data Visualization

The class includes multiple hands-on labs that allow students to apply what they have learned in the workshop.

Prerequisites

To obtain the maximum benefit from this class, you should meet the following requirements:

- Read and understand the English language
- Basic knowledge of and experience using personal computers, including working with files and folders and basic navigation skills
- The skills gained from the Networking for Incident Response five-day class
- Basic understanding of digital attacks

Class Materials and Software

You will receive class-related information and materials as presented in class, as well as lab exercises.


For a complete listing of scheduled courses, visit http://www.accessdata.com/training/calendar-and-syllabi Some topics and items in this class syllabus are subject to change. This document is for information purposes only. AccessData makes no warranties, express or implied, in this document. AccessData, AccessData Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK, Registry Viewer, and Ultimate Toolkit are registered trademarks of the AccessData Group, LLC. in the United States and/or other countries. Other trademarks referenced are property of their respective owners.


Module 1: Introduction

Topics:
- Introduction of Instructor and Students
- Class Objectives

Module 2: Packet Analysis Theory

Objectives:
- Defining Packet Data
- Packet Construction
  - OSI Review
  - TCP/IP Review
- Common Protocols

Module 3: Packet Captures

Objectives:
- Understanding Packet Captures
- Packet Capture Basics
  - Logical Captures
  - Physical Captures
  - Devices
- Strategic Packet Captures

Module 3: Packet Analysis Process

Objectives:
- Starting Evidence Paths
  - Common Start Points
  - Scenario Driven Paths
- Packet Analysis Tools
- Isolating Critical Network Data

Module 4: Data Analysis from Packet Captures

Objectives:
- Packet Deconstruction
  - Addressing
    - Physical
    - Logical
    - Application Mapping
  - Communication Streams
  - Protocols and Packet Data
- Data Discovery and Reconstruction
- Network Discovery and Enumeration

Module 5: Introduction to Network Data Visualization

Objectives:
- Network Data Visualization Defined
- Network Data Visualization
  - Tools
  - Processes
- Network Analysis through Visualization
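The Module 4 objectives above (packet deconstruction by physical and logical address, application mapping, communication streams, data reconstruction) are only listed; the following example was added for this page and is not course material or AccessData code. It shows what those steps look like in working code: it parses classic pcap bytes, decodes the Ethernet, IPv4 and TCP/UDP headers, groups packets into bidirectional streams on a direction-normalised 5-tuple, and rebuilds one direction's payload by TCP sequence number, dropping exact retransmissions. The capture it reads is constructed inline (synthetic frames with zero checksums; the MACs, IP addresses, ports, HTTP request and DNS query are assumptions), so it runs offline with only the standard library. It stops at truncated records and leaves non-IPv4 or non-TCP/UDP packets undecoded, and it deliberately does not merge overlapping segments, validate checksums, or read pcapng.

```python
import struct
from collections import defaultdict
LINKTYPE_ETHERNET = 1

def parse_pcap(data):
    """Yield (timestamp, frame) records from classic pcap bytes (pcapng is not handled)."""
    end = {0xa1b2c3d4: '<', 0xd4c3b2a1: '>'}.get(struct.unpack_from('<I', data, 0)[0])
    if end is None:
        raise ValueError('not a classic pcap file')
    if struct.unpack_from(end + 'I', data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError('only the Ethernet link type is handled here')
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(end + 'IIII', data, off)
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError('truncated record at offset %d' % off)
        off += 16 + incl_len
        yield sec + usec / 1e6, frame

def decode_frame(frame):
    """Ethernet -> IPv4 -> TCP/UDP. Layers that are absent or truncated stay None."""
    pkt = dict(src_mac=None, dst_mac=None, src_ip=None, dst_ip=None, proto=None,
               sport=None, dport=None, seq=None, tcp_flags=None, payload=b'')
    if len(frame) < 14:
        return pkt
    pkt['dst_mac'], pkt['src_mac'] = frame[0:6].hex(':'), frame[6:12].hex(':')  # physical addressing
    if struct.unpack_from('!H', frame, 12)[0] != 0x0800 or len(frame) < 34:      # untagged IPv4 only
        return pkt
    vihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack_from('!BBHHHBBH4s4s', frame, 14)
    if vihl >> 4 != 4:
        return pkt
    ip_payload = frame[14 + (vihl & 0x0f) * 4:14 + total_len]  # total_len drops Ethernet padding
    pkt['src_ip'], pkt['dst_ip'] = '.'.join(map(str, src)), '.'.join(map(str, dst))  # logical addressing
    pkt['proto'] = proto                     # stays a raw IP protocol number unless decoded below
    if proto == 6 and len(ip_payload) >= 20:
        sport, dport, seq, _ack, doff, flags = struct.unpack_from('!HHIIBB', ip_payload, 0)
        pkt.update(proto='TCP', sport=sport, dport=dport, seq=seq, tcp_flags=flags,
                   payload=ip_payload[(doff >> 4) * 4:])
    elif proto == 17 and len(ip_payload) >= 8:
        sport, dport, ulen, _csum = struct.unpack_from('!HHHH', ip_payload, 0)
        pkt.update(proto='UDP', sport=sport, dport=dport, payload=ip_payload[8:ulen])
    return pkt

def build_streams(pcap_bytes):
    """Group packets into bidirectional streams keyed on the direction-normalised 5-tuple."""
    streams = {}
    for _ts, frame in parse_pcap(pcap_bytes):
        p = decode_frame(frame)
        if p['proto'] not in ('TCP', 'UDP'):
            continue
        a, b = (p['src_ip'], p['sport']), (p['dst_ip'], p['dport'])
        key = (p['proto'],) + tuple(sorted((a, b)))  # same key whichever side sent the packet
        s = streams.setdefault(key, {'initiator': a, 'packets': 0, 'chunks': defaultdict(list)})
        s['packets'] += 1
        if p['payload']:
            s['chunks'][a].append((p['seq'], p['payload']))  # seq is None for UDP
    return streams

def reassemble(stream, endpoint):
    """One direction's payload: TCP ordered by seq with exact retransmissions dropped, UDP in capture order."""
    chunks = stream['chunks'].get(endpoint, [])
    if chunks and chunks[0][0] is not None:
        chunks = sorted(chunks, key=lambda c: c[0])
    out, seen = [], set()
    for seq, payload in chunks:
        if seq is None or seq not in seen:   # overlapping (partial) retransmissions are not merged
            seen.add(seq)
            out.append(payload)
    return b''.join(out)

def _tcp(sport, dport, seq, flags, payload=b''):
    return struct.pack('!HHIIBBHHH', sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
def _frame(src_mac, dst_mac, src_ip, dst_ip, proto, l4):
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split('.'))), bytes(map(int, dst_ip.split('.'))))
    return dst_mac + src_mac + b'\x08\x00' + ip + l4

def build_sample_pcap():
    """Constructed capture (synthetic frames, checksums left zero): one HTTP request whose
    segments arrive out of order with a retransmission, its response, and one DNS query."""
    c_mac, gw_mac = bytes.fromhex('aabbcc000005'), bytes.fromhex('001122334455')
    c, srv, dns = '10.0.0.5', '203.0.113.9', '10.0.0.2'
    req1, req2 = b'GET /login HTTP/1.1\r\n', b'Host: 203.0.113.9\r\n\r\n'
    resp = b'HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n'
    query = b'\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01'
    frames = [
        _frame(c_mac, gw_mac, c, srv, 6, _tcp(51000, 80, 1000, 0x02)),                    # SYN
        _frame(c_mac, gw_mac, c, srv, 6, _tcp(51000, 80, 1001 + len(req1), 0x18, req2)),  # 2nd segment first
        _frame(c_mac, gw_mac, c, srv, 6, _tcp(51000, 80, 1001, 0x18, req1)),              # 1st segment
        _frame(c_mac, gw_mac, c, srv, 6, _tcp(51000, 80, 1001, 0x18, req1)),              # retransmission
        _frame(gw_mac, c_mac, srv, c, 6, _tcp(80, 51000, 5001, 0x18, resp)),              # response
        _frame(c_mac, gw_mac, c, dns, 17, struct.pack('!HHHH', 53001, 53, 8 + len(query), 0) + query),
    ]
    return struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET) + b''.join(
        struct.pack('<IIII', 1700000000, i * 1000, len(f), len(f)) + f for i, f in enumerate(frames))
```

Calling build_streams(build_sample_pcap()) yields two streams: the TCP one reassembles to the full HTTP request in the client direction even though the capture holds the segments out of order and one of them twice, which is the same operation as a "follow stream" view in a packet analyser; the UDP one carries the DNS query. The initiator is recorded as whichever side sent the first captured packet, which is only reliable when the capture includes the SYN, and a production reassembler would additionally track acknowledgements, FIN/RST, and partially overlapping segments before trusting the reconstructed data.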
