Network Forensics
Your team masters packet capture, traffic analysis and intrusion detection — building the practical skills to investigate network-based attacks and reconstruct what happened on the wire.
What your team will learn
Over five intensive days, your team learns to capture and dissect network traffic, detect intrusions, and reconstruct how an attack unfolded on the wire. Working from realistic capture files throughout, participants use tools like Wireshark, TShark, Zeek, Scapy and Snort to analyse network protocols, identify command-and-control activity, uncover man-in-the-middle attacks, and map findings to a structured investigative process. By the end, the team can turn raw packet data into clear, actionable forensic evidence.
Learning outcomes
Participants will be able to:
- Perform advanced packet capture and analysis using Wireshark and TShark
- Automate traffic monitoring and log parsing with Zeek
- Craft and analyse custom packets — including IPv6 — using Scapy
- Investigate real-world network intrusion and MiTM attack scenarios
- Configure and operate IDS/IPS solutions including Snort and Sysmon
- Identify network anomalies, perform flow analysis, and carve files from traffic
- Capture and inspect wireless and HTTPS traffic
- Apply structured mitigation strategies based on forensic findings
Who this programme is for
This course suits network engineers, incident responders, SOC analysts and security professionals who need to investigate suspicious network activity. It is a strong fit for teams that handle network monitoring or incident response, and want to develop a rigorous, tool-supported approach to turning packet captures into investigative evidence.
How you will learn
Training is delivered on-site at your organisation, using a demonstration-led apprenticeship model. Participants work on virtual and host machines, alternating between guided demonstrations, repeated practice labs, challenge questions, and capstone scenarios drawn from realistic corporate network attack cases. The class size is capped at 30 participants per trainer, ensuring each participant receives direct attention throughout the labs.
Entry requirements
Participants should have a working understanding of basic networking concepts (TCP/IP, common protocols). Prior experience with packet analysis or network forensics tools is not required — the programme develops those skills from first principles.
Duration and delivery
- Duration: 5 days, 40 hours (8 hours per day)
- Delivery: On-site at your premises
- Schedule: Tailored to your organisation’s calendar — contact us to arrange dates
- Class size: Up to 30 participants per trainer (1:30 ratio)
Fees and funding
The full course fee is S$19,500 (before GST). Singapore Citizens and Permanent Residents may be eligible for SSG subsidies that significantly reduce the cost. Additional offsets are available through SkillsFuture Credits, UTAP and PSEA.
| Learner type | Nett fee (after subsidy) | Total payable (incl. 9% GST) |
|---|---|---|
| SG Citizen 21–39 / PR (70% subsidy) | S$5,850 | S$6,376.50 |
| SG Citizen 40+ (90% subsidy) | S$1,950 | S$2,125.50 |
| Self-funded / standard | S$19,500 | S$21,255.00 |
SkillsFuture Credits (up to S$500), UTAP (S$200–S$500) and PSEA may be applied to offset the nett fee further after subsidy.
What you will cover
Module 01 Chapter 01: Intrusion Detection
- Networking fundamentals: network protocols, packet structure
- Host-based investigation tools: Netstat, ProcMon, Sysinternals
- Wireshark Advanced — analysing network attacks
- TShark command-line traffic analysis
- GeoIP integration for geographic traffic attribution
- Scapy: crafting and analysing packets
- IPv6 packet operations with Scapy
- Zeek: output logs and automated monitoring
- Zeek-Cut log parsing
- Packet replay and timeline creation with Zeek
Module 02 Chapter 02: Network Analysis
- Structured investigation process and methodology
- Man-in-the-Middle (MiTM) attack analysis
- Network anomaly identification and flow analysis
- Network file carving techniques
- NetworkMiner and file carver tooling
- Wireless traffic capture and Wi-Fi access analysis
- HTTPS traffic inspection and decryption
Module 03 Chapter 03: Case Investigation
- IDS/IPS concepts: detection vs. prevention
- Sysmon installation and configuration
- Network event monitoring with Sysmon
- IDS/IPS operation and rule configuration
- Snort rule writing and signature-based detection
Module 04 Chapter 04: Mitigation
- Network-level mitigation strategies
- Responding to detected anomalies
- Hardening recommendations from forensic findings
Module 05 Chapter 05: Capstone & Assessment
- Corporate network navigation exercise
- Cyber-attack comprehension scenario
- End-to-end attack scenario analysis
- Findings documentation and reporting
Fees and funding
| | SG Citizen 21–39 / PR | SG Citizen 40+ | Self-funded / Standard |
|---|---|---|---|
| Full course fee | S$19,500 | S$19,500 | S$19,500 |
| SSG subsidy | 70% | 90% | — |
| Nett fee (after subsidy) | S$5,850 | S$1,950 | S$19,500 |
| 9% GST on nett fee | S$526.50 | S$175.50 | S$1,755.00 |
| Total payable | S$6,376.50 | S$2,125.50 | S$21,255.00 |
SkillsFuture Credits (up to S$500), UTAP (S$200–S$500) and PSEA may be used to offset the nett fee after subsidy. Fees shown include 9% GST where applicable.
Frequently asked questions
Can we use our own packet captures in the training?
Where appropriate, yes. We can incorporate sanitised captures from your environment so the analysis reflects the traffic your team sees day to day.
Do participants need prior packet analysis experience?
Some networking grounding helps, but the programme builds packet analysis skills from first principles, so prior forensics experience is not required.
What tools will participants work with?
The course is hands-on with Wireshark, TShark, Zeek, Scapy, NetworkMiner, Snort and Sysmon — the same toolset used in real incident response and network investigations.
Is this course eligible for SkillsFuture funding?
Yes. Eligible Singapore Citizens and PRs may access SSG subsidies of 70% or 90% depending on age. SkillsFuture Credits, UTAP and PSEA may also be used to offset the remaining nett fee.
Can the schedule be tailored to our team?
Yes. The five-day schedule is arranged directly with your organisation and can be adapted to suit your team's availability.