C)NFE - Certified Network Forensics Examiner

Duration: 5 days
Format: Instructor-led (Lecture and Lab)
Prerequisites: 2 years of networking experience, 2 years of IT Security, Working Knowledge of TCP/IP
Student Materials: Student workbook, Student lab guide, Student Exam Prep guide
CPEs: 40 Hours
Certification Exams: Mile2 C)NFE
Who Should Attend: Digital & Network Forensic Engineers, IS & IT managers, Network Auditors
Training Schedule: September 10-14, 2017
Standard
AED14,995
Enroll Now & Pay 10 days prior to start of class
Printed
5 Days Instructor-Led Course
Hands-on Pen-Test Lab
Printed Material
AED9,995
Register & Pay 45 days or more prior to start of class
Printed Course Material
5 Days Instructor-Led Course
Hands-on Pen-Test Lab
Government
AED
Request for Quotation
Special pricing & Discounts are available for government & large organizations.
Special pricing can be applied for public, private and customized training.

The Certified Network Forensics Examiner vendor-neutral certification was developed for a U.S. classified government agency. The C)NFE takes a digital and network forensic skill set to the next level by navigating through over twenty modules of network forensic topics.

The C)NFE provides practical experience through lab exercises that simulate real-world scenarios covering the investigation and recovery of data in networks, Physical Interception, Traffic Acquisition, Analysis, Wireless Attacks and SNORT. The course focuses on centralizing and investigating logging systems as well as network devices.

Module 1 – Digital Evidence Concepts

Overview
Concepts in Digital Evidence
Section Summary
Module Summary

Module 2 – Network Evidence Challenges

Overview
Challenges Relating to Network Evidence
Section Summary
Module Summary

Module 3 – Network Forensics Investigative Methodology

Overview
OSCAR Methodology
Section Summary
Module Summary

Module 4 – Network-Based Evidence

Overview
Sources of Network-Based Evidence
Section Summary
Module Summary

Module 5 – Network Principles

Background
History
Functionality
FIGURE 5-1 The OSI Model
Functionality
Encapsulation/De-encapsulation
FIGURE 5-2 OSI Model Encapsulation
Encapsulation/De-encapsulation
FIGURE 5-3 OSI Model peer layer logical channels
Encapsulation/De-encapsulation
FIGURE 5-4 OSI Model data names
Section Summary
Module Summary

Module 6 – Internet Protocol Suite

Overview
Internet Protocol Suite
Section Summary
Module Summary

Module 7 – Physical Interception

Physical Interception
Section Summary
Module Summary

Module 8 – Traffic Acquisition Software

Agenda
Libpcap and WinPcap
LIBPCAP
WINPCAP
BPF Language
Section Summary
TCPDUMP
WIRESHARK
TSHARK
Module Summary

Module 9 – Live Acquisition

Agenda
Common Interfaces
Inspection Without Access
Strategy
Section Summary
Module Summary

Module 10 – Analysis

Hospital Case Study
Exercise 1 – War Driving Lab
Exercise 2 – WEP Cracking Lab (classroom only)
Exercise 3 – Documentation
Protocol Analysis
Section Summary
Section 04
Higher-Layer Traffic Analysis
Module Summary

Module 11 – Layer 2 Protocol

Agenda
The IEEE Layer 2 Protocol Series
Section Summary
Module Summary

Module 12 – Wireless Access Points

Agenda
Wireless Access Points (WAPs)
Section Summary
Module Summary

Module 13 – Wireless Capture Traffic and Analysis

Agenda
Wireless Traffic Capture and Analysis
Section Summary
Module Summary

Module 14 – Wireless Attacks

Agenda
Common Attacks
Section Summary
Module Summary

Module 15 – NIDS_Snort

Agenda
Investigating NIDS/NIPS and Functionality
NIDS/NIPS Evidence Acquisition
Comprehensive Packet Logging
Section Summary
Snort
Module Summary

Module 16 – Centralized Logging and Syslog

Agenda
Sources of Logs
Section Summary
Network Log Architecture
Collecting and Analyzing Evidence
Module Summary

Module 17 – Investigating Network Devices

Agenda
Storage Media
Switches
Section Summary
Routers
Firewalls
Module Summary

Module 18 – Web Proxies and Encryption

Agenda
Web Proxy Functionality
Section Summary
Web Proxy Evidence
Web Proxy Analysis
Encrypted Web Traffic
Module Summary

Module 19 – Network Tunneling

Agenda
Tunneling for Functionality
Tunneling for Confidentiality
Section Summary
Covert Tunneling
Module Summary

Module 20 – Malware Forensics

Trends in Malware Evolution
Section Summary
Module Summary

Students will:

  • Have the knowledge to perform network forensic examinations.
  • Have the knowledge to accurately report on their findings from examinations.
  • Be ready to sit for the C)NFE Exam

The Certified Network Forensics Examiner certification exam is taken online through Mile2’s Assessment and Certification System (MACS), which is accessible through your mile2.com account. The exam takes 2 hours and consists of 100 multiple-choice questions. The cost is $400 USD, and the exam must be purchased from the store on Mile2.com.