Goal

Integrate investigation and large-scale analysis techniques in preparation for incident-response scenarios.

Concepts

  • Network forensics
  • Event correlation and log pipelines
  • Intro to SIEM and analysis automation

Tools

  • tshark, Zeek (formerly Bro), Python for scripting
  • Analysis platforms (ELK, Splunk — theoretical study)

Suggested labs

Lab 13 - Jump Host

Security assessment of an industrial network involving IT-to-OT pivoting, service discovery and enumeration.

Level: Advanced, duration: 120 min

Practical exercises

  • Build a script that parses multiple pcaps and aggregates statistics by port and conversation
  • Simulate an incident and document an investigation timeline
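A starting point for the first exercise, added here as an illustration and not part of the course material: a standard-library-only Python script that walks several classic libpcap captures, decodes Ethernet/IPv4/TCP/UDP headers, and aggregates packet and byte counts by destination port and by direction-independent conversation. The capture data it runs on is constructed in-memory (the `build_frame`, `build_pcap` and `sample_captures` helpers and all addresses and ports in them are made up for the example); for real work, point `aggregate_files` at your own pcaps. The parser handles only libpcap with Ethernet link type, not pcapng, and skips anything that is not IPv4 TCP or UDP.

```python
"""Aggregate packet and byte counts by destination port and by conversation
across several pcap files, using only the Python standard library.
Example code written for this lab outline; not part of the course material."""
import socket
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {6: "tcp", 17: "udp"}


def iter_pcap_packets(data: bytes):
    """Yield (timestamp, frame_bytes) from a classic libpcap capture (not pcapng)."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"            # capture written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # big-endian writer
    else:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != 1:
        raise ValueError("only Ethernet (LINKTYPE 1) captures are supported")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode_frame(frame: bytes):
    """Return (proto, src_ip, sport, dst_ip, dport) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes (options included)
    proto = ip[9]
    if proto not in PROTO_NAMES or len(ip) < ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return PROTO_NAMES[proto], socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport


def aggregate_pcaps(blobs):
    """Merge statistics over several captures given as bytes.

    Returns {"ports": {(proto, dst_port): {"packets", "bytes"}},
             "conversations": {(proto, endpoint_a, endpoint_b): {"packets", "bytes"}}}
    where endpoints are "ip:port" strings ordered so both directions share one key.
    """
    ports = defaultdict(lambda: {"packets": 0, "bytes": 0})
    convs = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for blob in blobs:
        for _ts, frame in iter_pcap_packets(blob):
            decoded = decode_frame(frame)
            if decoded is None:
                continue             # ARP, IPv6, ICMP and friends are not counted
            proto, src, sport, dst, dport = decoded
            a, b = sorted([(src, sport), (dst, dport)])   # direction-independent key
            conv_key = (proto, f"{a[0]}:{a[1]}", f"{b[0]}:{b[1]}")
            for bucket in (ports[(proto, dport)], convs[conv_key]):
                bucket["packets"] += 1
                bucket["bytes"] += len(frame)
    return {"ports": dict(ports), "conversations": dict(convs)}


def aggregate_files(paths):
    """Same as aggregate_pcaps, reading each capture from disk."""
    blobs = []
    for path in paths:
        with open(path, "rb") as fh:
            blobs.append(fh.read())
    return aggregate_pcaps(blobs)


# --- constructed sample captures (synthetic, no real traffic) ----------------

def build_frame(src, dst, proto, sport, dport, payload_len):
    payload = b"\x00" * payload_len
    if proto == 6:   # 20-byte TCP header, PSH|ACK, checksum left at zero
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    return b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip


def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def sample_captures():
    """Two made-up pcaps: an SSH exchange in one, a DNS query and a second SSH client in the other."""
    cap_a = build_pcap([build_frame("10.0.0.5", "10.0.0.9", 6, 40000, 22, 100)] * 3
                       + [build_frame("10.0.0.9", "10.0.0.5", 6, 22, 40000, 50)] * 2)
    cap_b = build_pcap([build_frame("10.0.0.5", "10.0.0.53", 17, 51000, 53, 30),
                        build_frame("10.0.0.7", "10.0.0.9", 6, 40001, 22, 10)])
    return [cap_a, cap_b]


if __name__ == "__main__":
    stats = aggregate_pcaps(sample_captures())
    for key, val in sorted(stats["conversations"].items(), key=lambda kv: -kv[1]["bytes"]):
        print(key, val)
```

Canonicalising the conversation key by sorting the two endpoints is what lets request and response packets land in the same bucket, which is the view an analyst wants when ranking talkers; the per-port table, keyed on destination port only, is the quick way to spot unexpected services. For large capture sets, replace the in-memory `bytes` input with a streaming reader, or hand the heavy lifting to `tshark -T fields` or Zeek's `conn.log` and keep Python for the aggregation.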