Learn your way! Get started

Forensic Investigator, Part 8: Network and Email Forensics

with expert David Bigger


Watch trailer


Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 8/16/2017
Level Intermediate
Runtime 1h 39m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code N/A
Exams Included


Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More



Course description

When is the last time you sent an email? Have you used a network lately to surf the Internet or post to your Facebook? Networks and email are an integral part of today’s enterprise infrastructures, not to mention everyday life at home. Knowing where to look for evidence on a network, if it’s a firewall, IPS/IDS solution, or a router is essential for an investigator. Do we check the logs first or is there another place to look? What about emails? Do we know where to find evidence there? If you know where to look, what exactly will you be looking for? Coming up we will answer all these questions and more on your way to becoming a forensic investigator. This course is part of a series covering the EC-Council Computer Hacking Forensic Investigator (CHFI).

Prerequisites

Recommended: Understanding of networking; How data flows from source and destination Computer security basics such as passwords, encryption and physical security Basic understanding of computing and computer systems Experience with various operating systems

Learning Paths

This course will help you prepare for the following certification and exam:
Computer Hacking Forensic Investigator

Meet the expert

David Bigger David Bigger is the lead trainer at Bigger IT Solutions. He has been information technology for a little over 20 years and has been training all over the US. He has worked with companies like US Military, Lockheed Martin, General Dynamics, Dominos Pizza, University of Utah and Expedia


Course outline



Network and Email Forensics

Network Review (18:51)
  • Introduction (00:26)
  • Quick Networking Review (02:10)
  • IP Addressing (04:18)
  • Networking Devices (02:28)
  • DNS (00:06)
  • DHCP (01:16)
  • Routers (01:59)
  • IDS/IPS (01:41)
  • Firewalls (02:21)
  • Routing (01:40)
  • Summary (00:20)
Network Forensics (14:48)
  • Introduction (00:18)
  • What to Look for in Network Forensics (01:42)
  • Log Files (02:21)
  • Log Usage and Legalities (03:47)
  • Log Collection (01:38)
  • Event Correlation (02:07)
  • Centralized Logging (01:11)
  • Centralized Logging Advantages (01:22)
  • Summary (00:19)
Firewall Analysis (08:19)
  • Introduction (00:19)
  • Firewall Analysis (03:04)
  • Checkpoint Firewall Forensics (01:39)
  • Cisco Firewalls (02:55)
  • Summary (00:19)
IDS Analysis (06:15)
  • Introduction (00:21)
  • IDS Analysis (01:47)
  • Juniper IDS (00:54)
  • Juniper IDS Logs (00:52)
  • Checkpoint IDS (02:01)
  • Summary (00:17)
Router Analysis (06:45)
  • Introduction (00:22)
  • Router Analysis (01:17)
  • Cisco Routers (02:54)
  • Juniper Routers (01:51)
  • Summary (00:19)
Live Analysis (09:38)
  • Introduction (00:23)
  • Live Analysis (05:42)
  • Wireshark (01:53)
  • Live Analysis, Continued (01:20)
  • Summary (00:19)
Email Review (10:13)
  • Introduction (00:24)
  • Email Review (05:11)
  • Email Review, Protocols (04:22)
  • Summary (00:14)
Email Crimes (13:36)
  • Introduction (00:22)
  • What Can Happen (01:50)
  • What Can Happen, Identity Fraud (01:54)
  • What Can Happen, Cyber Stalking (02:42)
  • What Can Happen, Child Abuse (02:01)
  • What Can Happen, Human Trafficking (01:46)
  • Tools to Use (02:37)
  • Summary (00:21)
Email Analysis (10:32)
  • Introduction (00:20)
  • Where to Find Email Evidence (00:31)
  • Email Header (02:08)
  • Where to Find Email Evidence, Client Information (01:48)
  • Email Headers, Information Focus (00:47)
  • Where to Find Email Evidence, Files (02:58)
  • Email Logs (01:35)
  • Summary (00:20)