
Rob Bonta ~ Attorney General

Registering for: COMPUTER CRIME/ADVANCED LAN INVESTIGATIONS - Advanced Forensic Network Analysis


Description 

This 40-hour course is designed to teach law enforcement investigators the skills needed to investigate more complex network-related incidents such as data breaches, potential nation-state attacks, internal network investigations, and malware incidents. Students will gain an understanding of networking concepts with an emphasis on more enterprise/business-level investigations.

The class will focus on both Windows and Linux environments, teaching the students how to identify the evidence and artifacts. The students start by creating their own network from scratch and put their newly learned skills to the test on the final day with a realistic data breach investigation. Students will be exposed to memory analysis as well as APT (Advanced Persistent Threat) related attacks, tools, tactics and procedures.

Personnel who will be or are currently conducting network-based or forensics for criminal activity. Students will be required to have a more in-depth knowledge of computer forensics and an understanding of network-related concepts (Routers, Switches, Sub-netting, IPv4 Addressing, etc.). This class will include both Windows and Linux-based tools. However, Linux-based tools will be the primary focus. It is strongly recommended that students have an understanding of Linux command line usage.

The prerequisite for this class is the successful completion of the California DOJ’s Intermediate Forensic Network Analysis Course (D316) or an equivalent course offering. Students who have not completed this course will need to provide a resume or CV for eligibility determination. THIS IS NOT AN INTRODUCTORY LEVEL CLASS.

Course Objectives - Upon completion of this course, the students will understand the methods suspects use to commit network-related crimes and how to respond to such incidents and gather evidence. The student will learn about more advanced network intrusion concepts, different attack methodologies, proper evidence handling, and investigative processes to assist with network forensic investigations.

Additionally, the students will be able to effectively communicate and work with system administrators regarding what is needed during a network-based investigation. With this knowledge, the investigator will be better prepared to analyze network-based incidents for criminal activity and put a case together for successful prosecution.

Course Outline

· Advanced Networking Concepts
· Encryption methods
· Hands-on labs for building networks
· Investigating unauthorized access into networks
· Forensic tools and investigation methods
· APT Attacks
· Memory analysis

 
Instructor Tricia Nelson
Prerequisite D316 - Intermediate Forensic Network Analysis



You can select a class from the list below for the date and location which is most convenient for you.



Start Date | End Date | Status | Location
09/14/26 08:00 AM | 09/18/26 05:00 PM | Upcoming | ATC CYBER CRIMES CLASSROOM