Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Practical network forensics

Marcelle Lee (Fractal Security Group, LLC), Lisa Foreman-Jiggetts (Women's Society of Cyberjutsu)
9:00–12:30 Wednesday, 9 November, 2016
Security in context (security datasci)
Location: E104/106 Level: Intermediate
Average rating: ***..
(3.67, 3 ratings)

Materials or downloads needed in advance

  • A laptop with Wireshark installed
  • Sample packet captures provided via Google Drive prior to tutorial

What you'll learn

  • Understand the power of network traffic analysis
  • Gain exposure to practical applications of concepts and access to materials for further practice


Analysis of network traffic can provide a wealth of information about cyber actor activity. Artifacts obtained through network traffic analysis can reveal hacker techniques and methodology, including use of malware, network traversal, privilege escalation, establishment of persistence, and data exfiltration. Organizations are sitting on a gold mine of potential forensic data and often do not even realize it. Or, worse, they are keeping records of network traffic for a very short window of time or even not at all.

You don’t have to be a SOC analyst or an incident response guru to leverage network forensics. Marcelle Lee and Lisa Foreman-Jiggetts explore the wealth of information that can be learned through network traffic analysis.
Marcelle and Lisa start with the basics of traffic flow, including an examination of the layers of the OSI model and TCP/IP stack, network ports and protocols, and different types of packet headers. From there, they dive into the fun part—using a protocol analyzer to examine custom packet captures showing both “normal” and malicious network activity.

Photo of Marcelle Lee

Marcelle Lee

Fractal Security Group, LLC

Marcelle Lee is an analyst with the federal government, an adjunct professor at Anne Arundel Community College, and cofounder of Fractal Security Group, LLC. Marcelle is involved with several industry organizations, working groups, and boards, including the Women’s Society of Cyberjutsu and the ISSA Women in Security Special Interest Group. Marcelle holds CSX-P, GCFA, GCIA, GCIH, GCCC, C|EH, CCNA, Security+, Network+, and ACE industry certifications as well as several degrees. She is currently pursuing a master’s degree in cybersecurity at UMBC. Marcelle is a cybersecurity competition enthusiast and an active volunteer in outreach to students and the community.

Photo of Lisa Foreman-Jiggetts

Lisa Foreman-Jiggetts

Women's Society of Cyberjutsu

Lisa Jiggetts is the founder and CEO of the Women’s Society of Cyberjutsu (WSC), which provides women with the resources and support required to enter and advance as cybersecurity professionals. Lisa and her organization have been profiled in Fortune, SC magazine, and PenTest Magazine, among others, and she is proud to be known as a straight-up but down-to-earth motivator to the women she mentors. She is a sought-after presenter and has been a guest speaker for numerous conferences and podcasts. Lisa, a service-disabled veteran, began her cyber career in the military, where she excelled as an IT security specialist. With over 20 years of information technology experience, 17 of them in cybersecurity, her experience spans risk assessments, penetration testing, vulnerability assessments, and policy development across military, government, and commercial industries. She holds a variety of technical and management certifications as well as a bachelor’s degree in information technology from the University of Maryland University College and an MBA. Not just a full time geek with a passion for making a difference, Lisa is also an accomplished artist.