Workshop: Foundations of Network Forensics and Analysis with Troy Wojewoda

Module 1: Introduction to Network Forensics

• • Lecture Topics:

    • • Course overview and objectives
    • • Network architecture: key components, design considerations, and security implications
    • • Types of network artifacts (e.g., logs, packet captures) and methods of acquisition

Module 2: Tools of the Trade

• • Lecture Topics:

    • • Introduction to packet capture and filtering using tcpdump and ngrep
    • • Overview of Wireshark and TShark for packet analysis
    • • Key filtering techniques for isolating relevant traffic
    • • Introduction to Zeek log analysis

Module 3: Hands-On Lab – Traffic Analysis, Filtering, and Data Extraction

• • Lab Activity:

    • • Students will use Wireshark and tcpdump to capture and analyze sample network traffic
    • • Practice applying filters to identify suspicious activity
    • • Extract relevant data for further analysis and/or data stacking
    • • Analyzing Zeek log

Module 4: Protocols and Threats

• • Lecture Topics:

    • • Overview of common network protocols (HTTP, DNS, TCP/IP, etc.)
    • • Introduction to encrypted traffic and its challenges in analysis
    • • Examples of attacker techniques and how they exploit network protocol