Catalogue · MOD-DEF-06

Network Forensics

Network traffic keeps the memory of an intrusion. This module teaches you to investigate from packets: session reconstruction, detection without decryption, and reporting.

Defence (Blue) Praticien 5 bricks 9 labs ≈ 17.2 h 5 real cases

Objectives

• Reconstruct sessions from a capture • Detect without decrypting (JA3, DNS) • Write network detections (Zeek/Snort) • Correlate and report an investigation

Module bricks

BRQ-DEF-029 — Network session reconstruction (NetworkMiner) (1 lab(s))
BRQ-DEF-030 — Encrypted traffic & log analysis (Zeek) (2 lab(s))
BRQ-DEF-031 — Forensic traffic detection (Zeek/Snort) (2 lab(s))
BRQ-DEF-032 — VoIP analysis & exfiltration detection (2 lab(s))
BRQ-DEF-033 — Multi-source correlation & network investigation report (2 lab(s))

Order this module View full catalogue