Forensic Investigator, Part 08 of 10: Network and Email Forensics

Course description

When is the last time you sent an email? Have you used a network lately to surf the Internet or post to your Facebook? Networks and email are an integral part of today’s enterprise infrastructures, not to mention everyday life at home. Knowing where to look for evidence on a network, if it’s a firewall, IPS/IDS solution, or a router is essential for an investigator. Do we check the logs first or is there another place to look? What about emails? Do we know where to find evidence there? If you know where to look, what exactly will you be looking for? Coming up we will answer all these questions and more on your way to becoming a forensic investigator. This course is part of a series covering the EC-Council Computer Hacking Forensic Investigator (CHFI).

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.

Prerequisites

Recommended: Understanding of networking; How data flows from source and destination Computer security basics such as passwords, encryption and physical security Basic understanding of computing and computer systems Experience with various operating systems

Meet the expert

David Bigger

David Bigger is the lead trainer at Bigger IT Solutions. He has been information technology for a little over 20 years and has been training all over the US. He has worked with companies like US Military, Lockheed Martin, General Dynamics, Dominos Pizza, University of Utah and Expedia

Video Runtime

99 Minutes

Time to complete

119 Minutes

Course Outline

Network and Email Forensics

Network Review (18:51)

• Introduction (00:26)
• Quick Networking Review (02:10)
• IP Addressing (04:18)
• Networking Devices (02:28)
• DNS (00:06)
• DHCP (01:16)
• Routers (01:59)
• IDS/IPS (01:41)
• Firewalls (02:21)
• Routing (01:40)
• Summary (00:20)

Network Forensics (14:48)

• Introduction (00:18)
• What to Look for in Network Forensics (01:42)
• Log Files (02:21)
• Log Usage and Legalities (03:47)
• Log Collection (01:38)
• Event Correlation (02:07)
• Centralized Logging (01:11)
• Centralized Logging Advantages (01:22)
• Summary (00:19)

Firewall Analysis (08:19)

• Introduction (00:19)
• Firewall Analysis (03:04)
• Checkpoint Firewall Forensics (01:39)
• Cisco Firewalls (02:55)
• Summary (00:19)

IDS Analysis (06:15)

• Introduction (00:21)
• IDS Analysis (01:47)
• Juniper IDS (00:54)
• Juniper IDS Logs (00:52)
• Checkpoint IDS (02:01)
• Summary (00:17)

Router Analysis (06:45)

• Introduction (00:22)
• Router Analysis (01:17)
• Cisco Routers (02:54)
• Juniper Routers (01:51)
• Summary (00:19)

Live Analysis (09:38)

• Introduction (00:23)
• Live Analysis (05:42)
• Wireshark (01:53)
• Live Analysis, Continued (01:20)
• Summary (00:19)

Email Review (10:13)

• Introduction (00:24)
• Email Review (05:11)
• Email Review, Protocols (04:22)
• Summary (00:14)

Email Crimes (13:36)

• Introduction (00:22)
• What Can Happen (01:50)
• What Can Happen, Identity Fraud (01:54)
• What Can Happen, Cyber Stalking (02:42)
• What Can Happen, Child Abuse (02:01)
• What Can Happen, Human Trafficking (01:46)
• Tools to Use (02:37)
• Summary (00:21)

Email Analysis (10:32)

• Introduction (00:20)
• Where to Find Email Evidence (00:31)
• Email Header (02:08)
• Where to Find Email Evidence, Client Information (01:48)
• Email Headers, Information Focus (00:47)
• Where to Find Email Evidence, Files (02:58)
• Email Logs (01:35)
• Summary (00:20)