NF Section 3: Filtering for Network Forensics (NFW-3)


Description
Author: Laura Chappell

CPE Credits: 3.5 (Without Labs)

This course delves into filtering techniques that are used in the network forensics environment. Starting with display filter essentials, Laura demonstrates the process of locating conversations of interest and combining filters with operators. Using keyword filters is an important task for forensic analysts as there are often “signatures” within a reconnaissance or an attack data stream. If a simple keyword filter won’t work, it’s time to bring in Regular Expressions (Regex) filters. Finally, Laura turns some of those great filters into buttons for future use.



Module [mm:ss]

3.1 Display Filter Essentials [35:00]

3.2 Conversation Filters [15:06]

3.3 Compound Filters [13:11]

3.4 Keyword Filters [12:07]

3.5 Regular Expression (Regex) Filters [10:56]

3.6 Turn Filters into Buttons [10:24]


Trace Files: wsnf-tracefiles-c3.zip


Completion rules
  • All units must be completed
  • Leads to a certificate with a duration: Forever