Network Forensics and Incident Response w/ Troy Wojewoda

Network Forensics and Incident Response
w/ Troy Wojewoda (
16 Hours)

Instructor: Troy Wojewoda

Includes: Certificate of completion, six months of complimentary access to the BHIS Antisyphon Cyber Range

Incident responders are continually faced with the challenge of collecting and analyzing relevant event data—network communications is no exception. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts. From reconnaissance to data exfiltration, network traffic scales to provide a bird’s-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker’s methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.


  • Learn fundamental concepts of incident handling and response
  • Gain insight into attacker methodologies and learn various techniques to uncover adversarial activity
  • Learn how to detect network protocol abuse against common protocols found in enterprise environments
  • Students will get hands-on experience:
    • Analyzing network packet captures with a variety of tools, techniques, and filtering options
    • Extracting files and metadata from network packet captures
    • Creating custom Zeek scripts to support incident response efforts
    • Creating custom Zeek scripts for Zeek log enrichment
    • Analyzing network flow data
    • Real-world attack scenarios and techniques for response
    • Methods to aid investigators when dealing with the challenges of encrypted communications
    • A culminating CTF challenge combining all course learning objectives



  • Incident Responders 
  • SOC Analysts 
  • Digital Forensic Investigators 
  • Network Threat Hunters 
  • Information Technology/Security enthusiasts wanting to expand their knowledge on network traffic analysis 


  • Familiarity with the OSI and TCP/IP models 
  • General understanding of common network protocols found in enterprise environments (DNS, HTTP, SMTP, etc.)  
  • 1-2 years of experience in network/security operations, incident response, or threat hunting 
  • See also, Student Requirements section below. 


The following prerequisites are recommended for students to successfully complete all of the hands-on exercises (labs): 

  • Students should be comfortable operating from the command-line in Debian-based Linux distributions such as Ubuntu. 
  • Students should be comfortable opening network packet capture files with tools like Tcpdump, Wireshark/Tshark. 
  • Students should be comfortable installing and running virtual machines on their computer. 
  • Although programming experience is not a requirement, students should be comfortable editing and running scripts such as Bash and Python.  


Students will need to have all of the following resources to participate in all of the hands-on exercises (labs): 

  • High-speed Internet sufficient for participating in a video conference/webinar 
  • A computer with a minimum of 8GB RAM, 100GB of free disk space. 
  • System must be able to run an Ubuntu 20.04 LTS 64-bit VM with the following minimum specs: 4GB RAM, 60GB disk space, 2 virtual processors.  
  • VMWare Workstation/Player 16.x OR VMWare Fusion 12.x  


  • A PDF copy of all slides 
  • A Hands-on Lab Guide with instructions for completing each exercise 
  • A Debian-based VM with additional tools installed for each lab exercise  
  • Six months of free access to our Cyber Range 


Troy Wojewoda is a security analyst and penetration tester at Black Hills Information Security. Prior to joining BHIS, Troy has held roles in application and system administration, host and network intrusion detection, wireless security, penetration testing, digital forensics, malware analysis, threat hunting, and incident response. In addition to earning several professional certifications, Troy has a BS in Computer Engineering and Computer Science. Troy enjoys writing custom tools and developing novel techniques for testing the security posture of an organization. Away from work, Troy enjoys spending time with his family, camping/hiking in the mountains, homebrewing, woodworking, and coaching children in STEM programs.


Tue, November 30, 2021 11:00 AM – 4:00 PM ET

Wed, December 1, 2021 12:00 PM – 4:00 PM ET

Thu, December 2, 2021 12:00 PM – 4:00 PM ET

Fri, December 3, 2021 12:00 PM – 4:00 PM ET

Register to attend this course virtually in December 

Join the Wild West Hackin’ Fest Discord server to stay updated on future training and webcasts: Join Our Server!