Skip to main content

Template Course

Enrollment is Closed

About This Course

Network forensics is a discipline that analyzes computer networks and their traffic to gain detailed knowledge of its operation, users, services, and their interactions. This knowledge is used not only to debug networking issues such as misconfiguration of the networking devices, hosts, or services but also to detect misbehavior, malicious traffic, and intruders. The security aspect of network forensics is growing in importance for the last two decades.

This course, composed of 5 lessons, will teach you how to monitor network traffic using raw packet capture and network flows. You will learn how to explore unknown networks and their services and assess their vulnerabilities. After studying course materials, you will be able to analyze the obtained data to detect malicious behavior and network attacks.

Meet your lecturers

Course Outline

  • Lesson 1 – Network Forensics Basics
  • Lesson 2 – Packet Capture and Analysis
  • Lesson 3 – NetFlow/IPFIX Capture and Analysis
  • Lesson 4 – Network Attacks and their Detection
  • Lesson 5 – Network Reconnaissance


  • Familiarity with Ethernet and TCP/IP protocols
  • User experience with Linux and Windows operating systems
  • Knowledge of OS processes and network communication
  • Experience with command line and scripting (running programs and understand their arguments, processing text output)

Learning Outcomes

Once you finish this course, you will be able to:

  • Understand basic networking concepts in modern operating systems
  • Capture and analyze network traffic
  • Understand network flow monitoring and be able to deploy it on a network
  • Analyze flow records and extract information related to events and incidents in the monitored network
  • Understand network attacks and their detection in traffic
  • Analyze unknown network infrastructure and gain information about potential vulnerabilities


  • R. Messier, Network Forensics. Indianapolis: Wiley, 2017.
  • R. Bejtlich, The practice of network security monitoring: understanding incident detection and response. San Francisco, CA: No starch press, c[2013].


    Q: I have an issue with registration/logging in. Who can I contact?
    A: In this case, please contact our edX administrator —
    Q: Do I need some sort of special equipment for passing the course?
    A: No. You don't need any special equipment. You will just basically need a PC or a notebook with an internet connection for studying our course.
    Q: What's the difference between your course and other online courses that seem the same?
    A: Besides the course's theoretical background (during its self-study part), it is primarily focused on practical tasks with hands-on exercises, final an assignment, and one day workshop.
    Q: I have some experience in the field that your course covers. I just need to study topics I am not experienced with. Can I just skip those parts of the course I already know?
    A: The whole self-study part of the course is focused on your own learning process. It means you can study as fast or as slow as you can at the moment. It also includes the content itself — our course allows you to learn just those important parts. But it is crucial to accomplish all mandatory tasks to finish our course.
    Q: What are the conditions for successful completion of the course?
    A: You need to accomplish the course's final assignment and be present at the workshop (which will be followed after the self-study part of the course). The final assignment consists of two parts. They are connected to the workshop, so they are a crucial element of this course.
    Q: What if I find out that the course is not useful for me?
    A: Of course, this can happen. In the first place, we recommend you contact the course administrator to help you anyhow. Even after that, if you still feel that our course does not suit you, just stop studying and let us know.

Sub-project TN01000077/8 CSIRT BootCamp implemented within the project TN01000077 The National Center of Competence for Cybersecurity is solved with the financial support of TA ČR.