Certified Network Forensics Examiner Training (CNFE)

This 5-day Certified Network Forensics Examiner Training (CNFE) advanced course was originally designed for a select U.S. Government Agency. The CNFE certification program will prepare students to exercise true advanced networking forensics techniques through the use of proprietary labs in our exclusive cyber range.

You should attend this Certified Network Forensics Examiner (CNFE) course if you are:

  • Cyber Security team members who need to respond to intrusions, ‘hacks’ and incidents in their network.
  • Cyber Security team members that are required to know how to examine, probe, trace, frisk, and interrogate their network(s) to find out how they were compromised.
  • Those IT pros that want to advance their network investigative and incident response handling policies, procedures and techniques.

Accreditations & Acknowledgements

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS’s Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

The Certified Network Forensics Examiner (CNFE) Workshop/certification has been validated by the NSA for: CNSSI-4012, National Information Assurance Training Standard for Senior System Managers and NSTISSI-4011, National Training Standard for Information Systems Security (INFOSEC).

Exam Information:

  • The Certified Network Forensics Examiner exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2 account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $500 USD and must be purchased from us.

Student Materials:

  • Student Workbook
  • Student Prep Guide
  • Student Lab Guide
  • CPEs: 40

Certified Network Forensics Examiner Training (CNFE) Duration: 5 days

CUSTOMIZE IT
  • We can adapt this Certified Network Forensics Examiner (CNFE) course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Certified Network Forensics Examiner (CNFE) course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Certified Network Forensics Examiner (CNFE) Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Certified Network Forensics Examiner (CNFE) course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

The target audience for this Certified Network Forensics Examiner (CNFE) course:

  • Digital & Network Forensic Engineers
  • IS & IT managers
  • Network Auditors
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Certified Network Forensics Examiner (CNFE) course are:

  • Must have a Digital or Computer Forensics Certification or equivalent knowledge
  • 2 years of IT Security
  • Working Knowledge of TCP/IP
Certified Network Forensics Examiner Training (CNFE) - OBJECTIVES

Upon completing this Certified Network Forensics Examiner (CNFE) course, learners will be able to meet these objectives:

Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:

  • Identifying direct evidence of a crime
  • Attributing evidence to specific suspects
  • Confirming (or negating) suspect alibis
  • Confirming (or negating) suspect statements
  • Determining (or negating) suspect intent
  • Determining (or negating) Identifying sources
  • Determining (or negating) Authenticating documents
Certified Network Forensics Examiner Training (CNFE) - COURSE SYLLABUS
Introduction
  • Module 1: Digital Evidence Concepts
  • Module 2: Network Evidence Challenges
  • Module 3: Network Forensics Investigative Methodology
  • Module 4: Network-Based Evidence
  • Module 5: Network Principles
  • Module 6: Internet Protocol Suite
  • Module 7: Physical Interception
  • Module 8: Traffic Acquisition Software Scanning
  • Module 9: Live Acquisition
  • Module 10: Analysis
  • Module 11: Layer 2 Protocol
  • Module 12: Wireless Access Points
  • Module 13: Wireless Capture Traffic and Analysis
  • Module 14: Wireless Attacks
  • Module 15: NIDS Snort
  • Module 16: Centralized Logging and Syslog
  • Module 17: Investigating Network Devices
  • Module 18: Web Proxies and Encryption
  • Module 19: Network Tunneling Scanning
  • Module 20: Malware Forensics
LABS: HANDS-ON LABORATORY EXERCISES

Lab 1 – Working with captured files

  • Exercise 1 – HTTP.pcap
  • Exercise 2 – SMB.pcap
  • Exercise 3 – SIP_RTP.pcap

Lab 2 – Layer 2 Attacks

  • Exercise 1 – Analyze the capture of macof.
  • Exercise 2 – Manipulating the STP root bridge election process
  • Lab 2 – Active Evidence Acquisition

Lab 3 – Preparing for Packet Inspection

Lab 4 – Analyzing Packet Captures

  • Exercise 2 – Analyze TKIP and CCMP frames starting from the 4-Way Handshake process.

Lab 5 – Case Study: ABC Real Estate

Lab 6 – NIDS/NIPS

  • Exercise 1 – Use Snort as Packet Sniffer
  • Exercise 2 – Use Snort as a packet logger
  • Exercise 3 – Check Snort’s IDS abilities with pre-captured attack pattern files

Lab 7 – Syslog Exercise

Lab 8 – Network Device Log

Lab 9 – SSL

  • Exercise 1 – Decrypting SSL Traffic by using a given Certificate Private Key
  • Exercise 2 – SSL and Friendly Man-in-the-middle
Certified Network Forensics Examiner Training (CNFE) Course Wrap-Up
