Registering for: COMPUTER CRIME/LAN Investigations - Basic Forensic Network Analysis
Description

As the initial 24-hour course in a three-part series, this course on network investigations builds foundational knowledge for both new and experienced investigators by bridging the gap between traditional host-based forensics and the dynamic world of network data. Starting with an essential refresher on host-based forensics, then moving into networking concepts, including the OSI model and TCP/IP, the course delves into various network data sources like packet captures and logs from devices, servers, and cloud services. Participants will gain practical skills in analyzing network traffic using Wireshark, understanding log analysis principles, and leveraging Open-Source Intelligence (OSINT) tools. The course then progresses to applying these methodologies within an incident response framework, emphasizing the chain of custody for volatile network data and timeline analysis, while also exploring advanced attack scenarios like DDoS, C2, and ransomware. Finally, the course addresses critical legal considerations such as jurisdiction, privacy, encryption challenges, and presenting network evidence in court, concluding with guidance on building investigative capabilities, continuous learning, and exploring emerging trends in network forensics.

Who Should Attend:
Law enforcement personnel assigned to cybercrime investigative units, digital forensic units, ICAC investigative units, or other specialty investigative units, as well as any law enforcement officer with an interest in forensic network investigations. It is strongly suggested that students be able to effectively operate a Windows-based computer, be familiar with a Linux operating system, and have a working knowledge of Terminal and PowerShell.

Class Objectives:
Upon completing this course, law enforcement personnel in cybercrime or other specialized investigative units will possess a strong foundational understanding of network-based investigations. Participants will gain crucial knowledge of network concepts and architecture, master the identification and acquisition of critical network data, and become proficient in using various investigative tools and methodologies. Experienced personnel, in particular, will significantly update their skills with the latest tactics and techniques employed in dynamic network environments.

Class Outline:
Fundamental Network Concepts for Investigators
Common Network Topologies & Their Investigative Impact
Network Data Sources for Investigations
Practical Packet Analysis with Wireshark
Introduction to Log Analysis & Open-Source Intelligence
Core Methodologies in Network Investigations
Advanced Network Attack Scenarios & Analysis
Legal Considerations and Challenges
Building Your Network Investigation Capability & Future Outlook

Cost:
This is a POST Plan IV reimbursable course for POST reimbursable agencies, and travel reimbursement is available via Training Reimbursement Requests (TRR). Prior to June 2025, this LAN Investigation Course was offered as a 40-hour course, as the first in a 2-course series.

Instructor | Martin Balcazar |
Prerequisite | None |
You can select a class from the list below for the date and location which is most convenient for you.
Start Date | End Date | Status | Location |
08/25/25 08:00 AM | 08/27/25 05:00 PM | Upcoming | Advanced Training Center |