Network Forensic Intermediate Course

Title: Network Forensic Intermediate Course
Duration: 1 week

Course Aim

The aim of this course is to provide students with theoretical and practical knowledge of networks at an intermediate level. Training will encompass latest best practice, technologies and techniques available to Law Enforcement Specialists.
Topics include:

  • Hackers and Investigators methodologies
  • Both Client and Server side attacks
  • Log analysis
  • Scenarios will allow the student to identify evidence required in a network investigation

By the end of this course the students will be able to:

  • Explain how a hacker penetrated a network or a server,
  • Develop an understanding of major intrusion techniques as well as collecting traces,
  • Better assemble evidence for the court that is clear and supportive of evidential needs.


The following pre-requisites have been set for this course:

  • Satisfactory completion of the ECTEG Introductory IT Forensics & Network Investigations course or equivalent
  • Good knowledge of TCP/IP protocols, IP address, subnet masks
  • Good knowledge of hexadecimal, computer units, ASCII, Unicode
  • Linux basics command (file manipulation, editing files)
  • Knowledge (even basic) of php, sql would be an advantage
  • Pre-read material has been provided for potential students, and a knowledge check can be sent to them to allow them to assess their level of knowledge prior to the course. One of the first sessions is a Pre-read Review

It is essential that students have a good working knowledge of the English language as the lessons will be delivered in English.

Small list of agenda / topics / main points

Content includes:

  • Linux & Security
  • Attackers Methodology and Motives
  • Infrastructure Attacks
  • Investigators Methodology
  • Server Side Application Attacks
  • Logs
  • Case Study: Scenario 1 – Defaced Website
  • Client Side Attacks
  • Analysis of Suspicious Files
  • ../.. undisclosed topics

If you are interested in applying for this course please read theĀ following page