Network forensics is one of the most important sub-disciplines within digital forensics. In network forensics, we are trying to determine the who, what and where of an intrusion into our network. Much of this information can be obtained from our log files, IDSs and firewalls, and analyzed with tools such as Wireshark.
In this section we will begin by learning to use Wireshark and advance to analyzing IDS alerts, firewall logs, Wi-Fi AP logs and our system logs to discern what has taken place on our network.
1. Wireshark Basics, Part 1
2. Wireshark Basics, Part 2
3. Analyzing a SCADA Attack
4. Analyzing NSA's EternalBlue
5. Splunk for Security Monitoring, Part 1
6. Splunk Processing Language
7. Splunk: Creating Real-Time Alerts
8. Snort (Intro, Creating Rules, Config, and Testing)
9. tcpdump for Network Analysis