Network Forensics Learning Path

Learn how systems are compromised and what traces are left by attackers.

4 hours, 5 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    4 hours, 5 minutes

  • Assessment


About Network Forensics

This learning path is designed to build a foundation of knowledge and skills around network forensics. As you progress through eight courses, you'll learn the fundamentals of network design, network forensics tools and best practice, and how to perform analysis on a variety of data, including logs, TCP/IP protocols, wireless devices and component areas, web traffic and email. Upon completion, you'll have the knowledge and skills required to conduct a networks forensics investigation.



Networking Fundamentals

Course - 00:32:00

Explore one of the foundations of information security with this course on networking fundamentals. Take a look at the basic structure of information exchange and answer questions such as: What are protocols? What are the different types of addresses? Why might some people have a private or a public IP address? Solidify your understanding of network fundamentals with a course including examples, vocabulary, diagrams and more.
Network Forensics Concepts

Course - 00:50:00

A network is simply defined as a group of computers connected together … But there’s far more to it than that. This five-video course takes you through the knowledge, tools and techniques needed to conduct the complex business of network forensics. Includes close looks at packet structure, common ports, IP address and Media Access Control (MAC) address spoofing, connection types, example cases related to innovative tools and even the potential dangers associated with certain avenues of approach.
Network Security Technologies

Course - 00:31:00

Network forensics focuses on analyzing network traffic and can reveal how an intruder entered a network, the path they took, intrusion techniques used by the attacker and more. Follow the path of network forensics with this course on useful security technologies, including firewalls, bastion hosts, intrusion detection systems, Kerberos, Secure Shell (SSH) and file integrity check tools. Includes diagrams and vocabulary.
Log Analysis

Course - 00:39:00

Log and network forensics are important tools for understanding network conditions, for making evaluations — and for gathering evidence. Get to grips with log analysis in this course covering log analysis and auditing, mandatory policies and procedures, centralized log management, Security Information and Event Management (SIEM), the four main sources of data and more. Includes vocabulary, diagrams and demonstrations.
Protocol Analysis

Course - 00:20:00

Various TCP/IP protocols are available for network analysis during examinations and investigations. Take a few minutes to refresh your knowledge of protocol analysis with this course covering TCP/IP concepts, including the seven layers of networking, headers, requests for comments (RFCs), IP addressing, subnetting, subnet masks, ports and sockets. Includes diagrams and examples.
Wireless Analysis

Course - 00:38:00

We’re often faced with investigations where the best or most relevant evidence can only be found on wireless devices and component areas. Let’s take a look at wireless analysis: wireless networking fundamentals, wireless local area network (WLAN) fundaments, wireless security solutions, wireless auditing and wireless public key infrastructure (PKI). Refresh your knowledge of addressing, Wi-Fi Protected Access (WPA), end-to-end encryption, authentication, attacks to look out for and more.
Web Traffic Analysis

Course - 00:13:00

Several products perform disk write protection, including both hardware and software products. This course will help you improve your techniques for preventing disk writes and alteration of evidence. Take a closer look at Web signatures, different Web browsers, the critical role of the index.dat and history.dat files, formats of cookies and more.
Email Analysis

Course - 00:21:00

Dig into email analysis with this course covering email structure, protocols, content, storage, distribution lists, directory access and everything else you wanted to know about this common tool. Explore what’s required for forensic recovery of email and what you can learn from email headers, email tracking, Outlook files, message fields, implementations and more.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo