ENISA has published training course material on network forensics for cybersecurity specialists. The material includes manuals for trainers and students, and tools and data related to exercise scenarios through Virtual Machines.
Based on current best practices, the training includes performance indicators and means that will help those who take it improve their operational skills in tackling cyber incidents.
ENISA makes available a ready-to-use version, including manuals for trainers and students, and provides tools and data related to exercise scenarios through Virtual Machines.
The training consists mainly of exercises focused on logging and monitoring, detection, and analysis or data interpretation. For example, one exercise deals with an attack on an ICS/SCADA environment in the energy sector. It starts with the preparation phase, followed by incident analysis and post-incident activity.
For the full training material, visit: Introduction to Network Forensics