Workshop: Foundations of Network Forensics and Analysis with Troy Wojewoda

Overview
- Course Length: 4 hours
- Support from expert instructors
- Includes a certificate of completion
In this 4-hour workshop we will introduce students to the core concepts of network forensics, including network architecture, packet analysis tools, and basic traffic analysis techniques.
Hands-on labs have been created with real-world scenarios that are used to reinforce the training material.
By the end of the session, students will have a solid understanding of network forensic fundamentals, be familiar with key tools, and gain hands-on experience in analyzing network traffic.
Syllabus:
Module 1: Introduction to Network Forensics
- Lecture Topics:
  - Course overview and objectives
  - Network architecture: key components, design considerations, and security implications
  - Types of network artifacts (e.g., logs, packet captures) and methods of acquisition
Module 2: Tools of the Trade
- Lecture Topics:
  - Introduction to packet capture and filtering using tcpdump and ngrep
  - Overview of Wireshark and TShark for packet analysis
  - Key filtering techniques for isolating relevant traffic
  - Introduction to Zeek log analysis
Module 3: Hands-On Lab – Traffic Analysis, Filtering, and Data Extraction
- Lab Activity:
  - Students will use Wireshark and tcpdump to capture and analyze sample network traffic
  - Practice applying filters to identify suspicious activity
  - Extract relevant data for further analysis and/or data stacking
  - Analyze Zeek logs
Module 4: Protocols and Threats
- Lecture Topics:
  - Overview of common network protocols (HTTP, DNS, TCP/IP, etc.)
  - Introduction to encrypted traffic and the challenges it poses for analysis
  - Examples of attacker techniques and how they abuse network protocols
Virtual (July 25th, 2025)
- July 25th – 11 AM EST – 4 PM EST
Student/Lab Requirements:
- A system with a browser and solid internet connection
- You will need to register via MetaCTF and pay a small fee for virtual machine resource utilization (approx. $5 for a four-hour workshop)
Who Should Attend/Prerequisites:
This workshop is intended for those getting started in monitoring and incident response, digital forensics, and/or threat hunting. It also includes tips and techniques for those already familiar with network traffic analysis who want to enhance their capabilities.
Audience Skill Level:
- Beginner/Intermediate
Live Training
- Pay What You Can
- Collaborative interaction with Instructor and fellow students through the Antisyphon Discord class channel
- Access to course slides for future reference
- Tips, tools, and techniques that can be applied immediately upon returning to work
- Strengthen your skills by solving challenges within the Antisyphon Cyber Range
- Become part of a community driven to educate and share knowledge