ANT0403

Digital forensics in TCP/IP networks

Duration of training: 5 days

start date: Monday, June 2, 2025

course description

This course covers the processes, techniques, and tools for conducting forensic investigations of digital network activity data from corporate systems and applications. It also covers how to organize digital forensics processes and how to integrate them into the overall corporate cyber security architecture.

course audience

Engineers handling cyber security incidents; Digital forensics engineers.

prerequisites

Knowledge of operating systems architecture and operation at the ANT-OW101 and OL101 course levels, and knowledge of cyber security incident handling processes at the ANT0401 course level are required.

how the training works

online course

The online course consists of group classes with an instructor via video conferencing, plus homework and an exam.

for corporate clients

Training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.

course program

• Classification of cyber-attacks.
• Stages of a cyber-attack.
• Artefacts of cyber-attacks and their correlation.
• Process of conducting forensic investigations.
• Digital forensics tools.
• Principles of processing deleted and defective data.
• Reconstructing the chronology of a cyber-attack.
• Generating and analyzing indicators of compromise in digital systems.
• Principles of network traffic collection in corporate infrastructure.
• Mirroring of network traffic.
• Storing collected network traffic.
• Wireshark architecture and features.
• Preprocessors.
• Filters.
• MATE components.
• Detecting and analyzing network attacks and malicious network activity in traffic dumps.
• Artefacts of malicious network activity.
• Detecting malicious network activity with Windows OS tools.
• Detecting malicious network activity with Linux/macOS tools.
• Detecting malicious network activity with HIPS/HIDS tools.
• Reconstructing the chronology of a cyber-attack.
• Principles and methods of statistical analysis.
• Standard algorithms.
• "Big Data" algorithms.
• Collecting and analyzing statistical information. NetFlow.
• Principles of log creation subsystem operation.
• Logs of events on network devices.
• Logs of network events of server systems and applications.
• Logs of network events of user systems.
• Centralized collection and storage of network event logs.
• Analyzing network event logs.
• Corporate cyber security architecture.
• Monitoring cyber security events and incidents.
• Responding to cyber security events and incidents.
• Organizing digital forensics processes.
• Embedding digital forensics processes into corporate cyber security processes.

Course purchase options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

Course dates:

corporate

Cost from $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.
