Network Forensics - Workshop

Seminar Categories: Workshop seminar

Daily seminar
Live Digital Sessions


Network forensics is the analysis of network traffic to identify unwanted behaviour and to extract evidence that supports an investigation. Unlike host forensics, where evidence is usually collected from disks and memory, network data is gathered from NICs as pcap files or from the logs of event-analysis tools, and it therefore requires a different investigative approach. This course lays the groundwork for understanding network data stores and the process of investigating them. Students will learn the fundamentals of conducting forensic analysis in a network environment. The course incorporates demonstrations and lab exercises to reinforce hands-on capabilities.

Who Should Attend

The course targets participants with basic knowledge of IT or networking who wish to gain a deeper understanding of cyber investigations and the forensic process. Primarily:

  • SOC operators
  • Incident responders
  • Computer investigators
  • IT/network administrators
  • IT security personnel
  • Junior cyber forensics analysts

Prerequisites

  • Basic understanding of computer networking
  • Basic understanding of Linux

Course Contents

  • Forensic approach to network analysis
  • Internal traffic analysis
  • External traffic analysis
  • Offline network traffic analysis
  • Tsurugi investigation platform
  • Evidence collection
  • Investigations with tcpdump
  • Investigations with TShark
  • Investigations with Wireshark (GUI)
  • File extraction