Network Traffic Analysis
Saturday, September 9, 2017. 1:00p – 5:30p
This is a hands-on workshop where you will put into practice those things you may have read about or covered in a class. This is also a great opportunity to meet other like-minded women and to keep your skills fresh if you're a veteran!
Packet analysis is a fascinating topic! We analyze network traffic for a variety of reasons, such as troubleshooting, detection of malicious activity, and forensics, specifically network forensics. Packet analysis is commonly performed in Security Operations Center (SOC) environments, by incident responders, cyber crime investigators, and others. It falls under the category of “Investigate” in the Cybersecurity Workforce Framework.
- Level 100 courses are designed for students with little to no previous IT Security experience, or no experience in the topic(s) being covered. These courses are meant to be introductory level, or provide the training for entry level certifications.
- Level 200 courses are designed for students with some security experience, looking to advance or learn in new topics.
- Level 300 courses are designed to offer expert level courses and training on specific topics. Typically, a general understanding and knowledge of the topic being presented is an expected prerequisite.
No one is excluded from attending a course at a level higher than their current experience. However, the course will move at the pace designed for the level of the course.
Students in this course will need to bring a Windows laptop with WinHex and FTK Imager installed.
In this workshop we will review basic networking concepts and then practice analyzing network captures using a variety of tools such as Wireshark, NetWitness, and Network Miner.
Objectives – What You Will Leave Knowing
- Why analyze network traffic
- Basic networking concepts, OSI model, TCP/IP stack
- Typical network protocols
- How to capture network traffic
- What “normal” traffic looks like
- What malicious traffic looks like
- How to extract forensic artifacts
Marcelle Lee is currently working as a malware analyst and is also an adjunct professor in digital forensics and network security. Additionally, she provides security consulting and training services through her company Fractal Security Group, LLC. She is involved with many industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu, the NIST NICE Cyber Competitions Working Group, and the ISACA CSX Certification Task Force.
Marcelle has earned the CSX-P, GCFA, GCIA, GCIH, GPEN, GISF, GSEC, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications. She holds four degrees, having recently completed a master’s degree in cybersecurity. In 2016 she received the Chesapeake Regional Tech Council Women in Tech (WIT) Award. Marcelle regularly presents at conferences and training events, and has volunteered as a CFP reviewer and speaker mentor.
Prerequisites – What You’re Expected to Know
1-1:30: Set-up, introductions
(Please note that this will be active workshop time - if you have not completed set-up it will be challenging to follow.)
5-6: Wrap-up, Q&A
- Laptop, 4GB RAM, the more RAM, the better.
- Wireshark for your operating system.
- tcpdump or windump
- Network Miner, NetWitness (Windows only, optional)
A download link for the workshop materials will be provided.
You can still participate in this workshop as an observer if you do not have a computer available.
Remote and Male Associate Member Participation:
Once registered, you'll receive the meeting participation info by email the day before the workshop. Plan to join 15-30 minutes early to test your technical configuration. It’s recommended that you have a 2nd monitor to view the screen-sharing.
Early Bird Special - 40% off member and non-member price
Full/Student/Military Member: $80
Associate Member and Remote Attendee: $35
University of Maryland - Computer Science Instructional Center (CSIC)
Bldg 406, Rm 1121
You need to get a parking permit ahead of time, $17 (there's a football game).
WE ONLY HAVE ROOM FOR 22 ONSITE, SO REGISTER EARLY!