Network Forensics for Incident Response
Where
This is not the same address as the conference! Same building but different entrance.
Söder Mälarstrand 57
118 25 Stockholm
Day 1 (2023-09-12)
8.30 – 09.00 | Registration & breakfast |
9.00 – 12.00 | Training |
12.00 – 13.00 | Lunch |
13.00 – 15.00 | Training |
15.00 – 15.30 | Coffee break |
15.30 – 17.00 | Training |
Day 2 (2023-09-13)
8.30 – 09.00 | Registration & breakfast |
9.00 – 12.00 | Training |
12.00 – 13.00 | Lunch |
13.00 – 15.00 | Training |
15.00 – 15.30 | Coffee break |
15.30 – 17.00 | Training |
A hands-on network forensics training that lets you dive deep into analyzing captured full-content network traffic in PCAP files. The training data is a completely new and unique data set captured during 30 days on an Internet-connected network with multiple clients, an AD server, a web server, an Android tablet and some embedded devices.
We will analyze traffic from multiple intrusions by various attackers, including APT-style attackers and botnet operators. The initial attack vectors include exploitation of web vulnerabilities, spear phishing, a supply chain attack and a man-on-the-side attack!
Each attendee will be provided with a free single-user license of NetworkMiner Professional and CapLoader. These licenses will be valid for six months from the first training day.
Duration
2 days (8 + 8 hours)
Student Prerequisites
Students should be familiar with Linux command line tools and have basic TCP/IP knowledge.
The instructor
Erik Hjelmvik is an incident responder and developer who is well known in the network forensics field for having created NetworkMiner, which is used by incident responders and law enforcement all around the world. Erik has a background in SCADA security and has spent over 5 years doing incident response at one of the best CERTs in Sweden. Nowadays Erik runs the company Netresec AB, where he develops network forensics software and occasionally teaches network forensics classes.