Difference between pages "NetworkMiner" and "Training Courses and Providers"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m
 
(On-going / Continuous Training)
 
Line 1: Line 1:
[http://networkminer.wiki.sourceforge.net/NetworkMiner NetworkMiner] is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
+
This is the list of Training Providers, who offer training courses of interest to practitioners and researchers in the field of Digital Forensics.   Conferences which may include training are located on the [[Upcoming_events]] page.
  
The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts on the network rather than to collect data regarding the traffic on the network. The main view is host centric (information grouped per host) rather than packet centric (information showed as a list of packets/frames).
+
<b>PLEASE READ BEFORE YOU EDIT THE LIST BELOW</b><br>
 +
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is the same time each month.  Others have recurring training but are scheduled at various times throughout the year. Providers training courses should be listed in alphabetical order, and should be listed in the appropriate section. Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement.  Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite).  Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.
  
NetworkMiner performs [[OS fingerprinting]] based on TCP SYN and SYN+ACK packet by using [[OS fingerprinting]] databases from p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri). NetworkMiner can also perform [[OS fingerprinting]] based on DHCP packets (which usually are broadcast packets) by making use of the Satori (by Eric Kollmann) [[OS fingerprinting]] database from FingerBank. NetworkMiner also uses the MAC-vendor list from Nmap (by Fyodor).
+
<i>Some training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
 +
== On-going / Continuous Training ==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="20%"|Date/Location
 +
! width="40%"|Website
 +
|-
 +
|- style="background:pink;align:left"
 +
! DISTANCE LEARNING
 +
|-
 +
|Basic Computer Examiner Course - Computer Forensic Training Online
 +
|Distance Learning Format
 +
|http://www.cftco.com
 +
|-
 +
|SANS On-Demand Training
 +
|Distance Learning Format
 +
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
 +
|-
 +
|Champlain College - CCE Course
 +
|Online / Distance Learning Format
 +
|http://online.champlain.edu/computer-forensics-digital-investigation/CFDI_440
 +
|-
 +
|National Center for Media Forensics
 +
|Distance and Concentrated Audio/Video/Image Forensics
 +
|http://cam.ucdenver.edu/ncmf
 +
|-
 +
|- style="background:pink;align:left"
 +
!RECURRING TRAINING
 +
|-
 +
|Evidence Recovery for Windows 7&reg; operating system;
 +
|First full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Evidence Recovery for Windows 8&reg;
 +
|Second full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|Evidence Recovery for Windows Server&reg; 2008 and 2012
 +
|Third full week every month<br>Brunswick, GA
 +
|http://www.internetcrimes.net
 +
|-
 +
|}
  
NetworkMiner can extract files and certificates transferred over the network by parsing a PCAP file or by sniffing traffic directly from the network. This is a neat function that can be used to extract and [http://networkminer.wiki.sourceforge.net/save+media+files save media files] (such as audio or video files) which are streamed across a network. Supported protocols for file extraction are FTP, HTTP and SMB.
+
==Non-Commercial Training==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|Defense Cyber Investigations Training Academy (DCITA)
 +
|http://www.dc3.mil/dcita/dcitaAbout.php
 +
|Limited To Certain Roles within US Government Agencies[http://www.dc3.mil/dcita/dcitaRegistration.php (1)]
 +
|-
 +
|Federal Law Enforcement Training Center
 +
|http://www.fletc.gov/training/programs/technical-operations-division
 +
|Limited To Law Enforcement
 +
|-
 +
|MSU National Forensics Training Center
 +
|http://www.security.cse.msstate.edu/ftc
 +
|Limited To Law Enforcement
 +
|-
 +
|IACIS
 +
|http://www.iacis.com/training/course_listings
 +
|Limited To Law Enforcement and Affiliate Members of IACIS
 +
|-
 +
|SEARCH
 +
|http://www.search.org/programs/hightech/courses/
 +
|Limited To Law Enforcement
 +
|-
 +
|National White Collar Crime Center
 +
|http://www.nw3c.org/training
 +
|Limited To Law Enforcement
 +
|-
 +
|}
  
User credentials (usernames and passwords) for supported protocols are extracted by NetworkMiner and displayed under the "Credentials" tab. Please be considerate when displaying the contents of this tab to the public.
+
==Tool Vendor Training==
 +
{| border="0" cellpadding="2" cellspacing="2" align="top"
 +
|- style="background:#bfbfbf; font-weight: bold"
 +
! width="40%"|Title
 +
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|AccessData (Forensic Tool Kit FTK)
 +
|http://accessdata.com/training
 +
|-
 +
|ASR Data (SMART)
 +
|http://www.asrdata.com/forensic-training/overview/
 +
|-
 +
|ATC-NY (P2P Marshal, Mac Marshal)
 +
|http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
 +
|-
 +
|BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock)
 +
|https://www.blackbagtech.com/training.html
 +
|-
 +
|Cellebrite (UFED)
 +
|http://www.cellebrite.com/mobile-forensic-training.html
 +
|-
 +
|CPR Tools (Data Recovery)
 +
|http://www.cprtools.net/training.php
 +
|-
 +
|Digital Intelligence (FRED Forensics Platform)
 +
|http://www.digitalintelligence.com/forensictraining.php
 +
|-
 +
|e-fense, Inc. (Helix3 Pro)
 +
|http://www.e-fense.com/training/index.php
 +
|-
 +
|Forward Discovery (Cellebrite, EnCase, Mac Forensics)
 +
|http://www.forwarddiscovery.com/training
 +
|-
 +
|Guidance Software (EnCase)
 +
|http://www.guidancesoftware.com/computer-forensics-training-courses.htm
 +
|-
 +
|Micro Systemation (XRY)
 +
|http://www.msab.com/training/schedule
 +
|-
 +
|Nuix (eDiscovery)
 +
|http://www.nuix.com.au/training
 +
|-
 +
|Paraben (Paraben Suite)
 +
|http://www.paraben-training.com/schedule.html
 +
|-
 +
|Software Analysis & Forensic Engineering (CodeSuite)
 +
|http://www.safe-corp.biz/training.htm
 +
|-
 +
|Technology Pathways(ProDiscover)
 +
|http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
 +
|-
 +
|Volatility Labs (Volatility Framework)
 +
|http://volatility-labs.blogspot.com/search/label/training
 +
|-
 +
|WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator)
 +
|https://www.wetstonetech.com/trainings.html
 +
|-
 +
|X-Ways Forensics (X-Ways Forensics)
 +
|http://www.x-ways.net/training/
 +
|-
 +
|}
  
Another very useful feature is that the user can [http://networkminer.wiki.sourceforge.net/Keyword+Search search sniffed or stored data for keywords]. NetworkMiner allows the user to insert arbitrary string or byte-patterns that shall be searched for with the keyword search functionality.
+
==Commercial Training (Non-Tool Vendor)==
 
+
{| border="0" cellpadding="2" cellspacing="2" align="top"
Version 0.84 (and newer) of NetworkMiner support [http://networkminer.wiki.sourceforge.net/WiFi+Sniffing sniffing and parsing of WLAN (IEEE 802.11) traffic]. NetworkMiner does however currently only support WiFi sniffing with AirPcap adapters.
+
|- style="background:#bfbfbf; font-weight: bold"
 
+
! width="40%"|Title
A feature which is planned to be included in future versions of NetworkMiner is to use statistical methods to do protocol identification (protocol fingerprinting) of a TCP session or UDP data. This means that instead of looking at the port number to guess which protocol is used on top of the TCP/UDP packet NetworkMiner will identify the correct protocol based on the TCP/UDP packet content. This way NetworkMiner will be able to identify protocols even if the service is run on a non-standard port. Richard Bejtlich calls this type of functionality [http://taosecurity.blogspot.com/2006/09/port-independent-protocol.html "Port Independent Protocol Identification" (PIPI)].
+
! width="40%"|Website
 +
! width="20%"|Limitation
 +
|-
 +
|Applied Security (Digital Forensics Training)
 +
|http://www.appliedsec.com/forensics/training.html
 +
|-
 +
|BerlaCorp iOS and GPS Forensics Training
 +
|http://www.berlacorp.com/training.html
 +
|-
 +
|Computer Forensic Training Center Online (CFTCO)
 +
|http://www.cftco.com/
 +
|-
 +
|CCE Bootcamp
 +
|http://www.cce-bootcamp.com/
 +
|-
 +
|Cyber Security Academy
 +
|http://www.cybersecurityacademy.com/
 +
|-
 +
|Dera Forensics Group
 +
|http://www.deraforensicgroup.com/courses.htm
 +
|-
 +
|e-fense Training
 +
|http://www.e-fense.com/training/index.php
 +
|-
 +
|Forward Discovery, Inc.
 +
|http://www.forwarddiscovery.com
 +
|-
 +
|H-11 Digital Forensics
 +
|http://www.h11-digital-forensics.com/training/viewclasses.php
 +
|-
 +
|High Tech Crime Institute
 +
|http://www.gohtci.com
 +
|-
 +
|Infosec Institute
 +
|http://www.infosecinstitute.com/courses/security_training_courses.html
 +
|-
 +
|Intense School (a subsidiary of Infosec Institute)
 +
|http://www.intenseschool.com/schedules
 +
|-
 +
|MD5 Group (Computer Forensics and E-Discovery courses)(Dallas, TX)
 +
|http://www.md5group.com
 +
|-
 +
|Mile 2 (Security and Forensics Certification Training)
 +
|https://www.mile2.com/mile2-online-estore/classess.html
 +
|-
 +
|Mobile Forensics, Inc
 +
|http://mobileforensicsinc.com/
 +
|-
 +
|NetSecurity
 +
|http://www.netsecurity.com/training/registration_schedule.html
 +
|-
 +
|NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program)
 +
|http://www.nidforensics.com.br/
 +
|-
 +
|NTI (an Armor Forensics Company) APPEARS DEFUNCT
 +
|http://www.forensics-intl.com/training.html
 +
|-
 +
|Security University
 +
|http://www.securityuniversity.net/classes.php
 +
|-
 +
|Steganography Analysis and Research Center (SARC)
 +
|http://www.sarc-wv.com/training
 +
|-
 +
|Sumuri, LLC - Mac, Mobile, iLook Training
 +
|http://www.sumuri.com/
 +
|-
 +
|SysAdmin, Audit, Network, Security Institute (SANS)
 +
|http://computer-forensics.sans.org/courses/
 +
|-
 +
|Teel Technologies Mobile Device Forensics Training
 +
|http://www.teeltech.com/tt3/training.asp
 +
|-
 +
|viaForensics Advanced Mobile Forensics Training
 +
|http://viaforensics.com/education/calendar/
 +
|-
 +
|Zeidman Consulting (MCLE)
 +
|http://www.zeidmanconsulting.com/speaking.htm
 +
|-
 +
|}

Revision as of 14:25, 13 June 2014

This is the list of Training Providers, who offer training courses of interest to practitioners and researchers in the field of Digital Forensics. Conferences which may include training are located on the Upcoming_events page.

PLEASE READ BEFORE YOU EDIT THE LIST BELOW
Some training providers offer on-going training courses that are available in an on-line "any time" format. Others have regularly scheduled training that is the same time each month. Others have recurring training but are scheduled at various times throughout the year. Providers training courses should be listed in alphabetical order, and should be listed in the appropriate section. Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement. Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite). Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.

Some training opportunities may be limited to Law Enforcement Only or to a specific audience. Such restrictions should be noted when known.

On-going / Continuous Training

Title Date/Location Website
DISTANCE LEARNING
Basic Computer Examiner Course - Computer Forensic Training Online Distance Learning Format http://www.cftco.com
SANS On-Demand Training Distance Learning Format http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
Champlain College - CCE Course Online / Distance Learning Format http://online.champlain.edu/computer-forensics-digital-investigation/CFDI_440
National Center for Media Forensics Distance and Concentrated Audio/Video/Image Forensics http://cam.ucdenver.edu/ncmf
RECURRING TRAINING
Evidence Recovery for Windows 7® operating system; First full week every month
Brunswick, GA
http://www.internetcrimes.net
Evidence Recovery for Windows 8® Second full week every month
Brunswick, GA
http://www.internetcrimes.net
Evidence Recovery for Windows Server® 2008 and 2012 Third full week every month
Brunswick, GA
http://www.internetcrimes.net

Non-Commercial Training

Title Website Limitation
Defense Cyber Investigations Training Academy (DCITA) http://www.dc3.mil/dcita/dcitaAbout.php Limited To Certain Roles within US Government Agencies(1)
Federal Law Enforcement Training Center http://www.fletc.gov/training/programs/technical-operations-division Limited To Law Enforcement
MSU National Forensics Training Center http://www.security.cse.msstate.edu/ftc Limited To Law Enforcement
IACIS http://www.iacis.com/training/course_listings Limited To Law Enforcement and Affiliate Members of IACIS
SEARCH http://www.search.org/programs/hightech/courses/ Limited To Law Enforcement
National White Collar Crime Center http://www.nw3c.org/training Limited To Law Enforcement

Tool Vendor Training

Title Website Limitation
AccessData (Forensic Tool Kit FTK) http://accessdata.com/training
ASR Data (SMART) http://www.asrdata.com/forensic-training/overview/
ATC-NY (P2P Marshal, Mac Marshal) http://p2pmarshal.atc-nycorp.com/index.php/training http://macmarshal.atc-nycorp.com/index.php/training
BlackBag Technologies (Mac Forensic Tools- BlackLight and SoftBlock) https://www.blackbagtech.com/training.html
Cellebrite (UFED) http://www.cellebrite.com/mobile-forensic-training.html
CPR Tools (Data Recovery) http://www.cprtools.net/training.php
Digital Intelligence (FRED Forensics Platform) http://www.digitalintelligence.com/forensictraining.php
e-fense, Inc. (Helix3 Pro) http://www.e-fense.com/training/index.php
Forward Discovery (Cellebrite, EnCase, Mac Forensics) http://www.forwarddiscovery.com/training
Guidance Software (EnCase) http://www.guidancesoftware.com/computer-forensics-training-courses.htm
Micro Systemation (XRY) http://www.msab.com/training/schedule
Nuix (eDiscovery) http://www.nuix.com.au/training
Paraben (Paraben Suite) http://www.paraben-training.com/schedule.html
Software Analysis & Forensic Engineering (CodeSuite) http://www.safe-corp.biz/training.htm
Technology Pathways(ProDiscover) http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
Volatility Labs (Volatility Framework) http://volatility-labs.blogspot.com/search/label/training
WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator) https://www.wetstonetech.com/trainings.html
X-Ways Forensics (X-Ways Forensics) http://www.x-ways.net/training/

Commercial Training (Non-Tool Vendor)

Title Website Limitation
Applied Security (Digital Forensics Training) http://www.appliedsec.com/forensics/training.html
BerlaCorp iOS and GPS Forensics Training http://www.berlacorp.com/training.html
Computer Forensic Training Center Online (CFTCO) http://www.cftco.com/
CCE Bootcamp http://www.cce-bootcamp.com/
Cyber Security Academy http://www.cybersecurityacademy.com/
Dera Forensics Group http://www.deraforensicgroup.com/courses.htm
e-fense Training http://www.e-fense.com/training/index.php
Forward Discovery, Inc. http://www.forwarddiscovery.com
H-11 Digital Forensics http://www.h11-digital-forensics.com/training/viewclasses.php
High Tech Crime Institute http://www.gohtci.com
Infosec Institute http://www.infosecinstitute.com/courses/security_training_courses.html
Intense School (a subsidiary of Infosec Institute) http://www.intenseschool.com/schedules
MD5 Group (Computer Forensics and E-Discovery courses)(Dallas, TX) http://www.md5group.com
Mile 2 (Security and Forensics Certification Training) https://www.mile2.com/mile2-online-estore/classess.html
Mobile Forensics, Inc http://mobileforensicsinc.com/
NetSecurity http://www.netsecurity.com/training/registration_schedule.html
NID Forensics Academy (Certified Digital Forensic Investigator - CDFI Program) http://www.nidforensics.com.br/
NTI (an Armor Forensics Company) APPEARS DEFUNCT http://www.forensics-intl.com/training.html
Security University http://www.securityuniversity.net/classes.php
Steganography Analysis and Research Center (SARC) http://www.sarc-wv.com/training
Sumuri, LLC - Mac, Mobile, iLook Training http://www.sumuri.com/
SysAdmin, Audit, Network, Security Institute (SANS) http://computer-forensics.sans.org/courses/
Teel Technologies Mobile Device Forensics Training http://www.teeltech.com/tt3/training.asp
viaForensics Advanced Mobile Forensics Training http://viaforensics.com/education/calendar/
Zeidman Consulting (MCLE) http://www.zeidmanconsulting.com/speaking.htm