Network Forensics Cheat Sheets for Beginners

August 23, 2017 | Views: 8588

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here


I am going share the best cheat sheets about computer forensics, specifically those focused on Network Forensics. You can learn from this and can practice with labs and projects. These cheat sheets come from some of the big companies in the IT security field.

1. SANS Cheatsheets for forensics

Learn and understand file headers and how they work with them. This is very useful when one wants to investigate network traffic and detect what happened on a network and how a hack occurred or get infected by malware. This helps to offer a deeper understanding of file headers and how to work with them with mainly the following commands:

-hex files headers







-windows findstr


2. Wireshark Display Filters

Learn from this cheat sheets how to find the requested data and filter it in Wireshark to get the purpose of data (gain context). Learn to work with these filters in Wireshark, such as IPv4, IPv6, Ethernet, TCP, UDP, frame relay, rip, Mpls, BGP, HTTP, and more.

This helps us to find what we find in a very quick way and get our data make our investigate process so quickly.


3. TCP dump cheat sheet

TCPDump is one of the most common tools to investigate in network traffic and analyze it and it’s very useful in network forensics field, and it’s very little size but most useful tool to network admins and security means to analyze traffics and get useful information and detect what really happened in network

Practice with protocols such as “IP, TCP, arp, ICMP, ether, radio, ppp, link, etc.” and practice with TCP flags to understand traffics and help us to investigate in a network to find very useful information.


4. SANS Network forensics and analyzing

Explore network forensics and small companies and enterprises with this very very useful cheat sheet and poster,this is talk about network source data type such as full packet captures and log files and firewalls captures and … and talk about ELK stack its means “Elasticsearch for search and analyse data, logstach for data collection, Kibana for data visualization and how we can use this in forensics and investigating and incident response process.

And also talk about network source data collections such as routers and switches and … and talk about how we have to work with full packet captures and introduce tools for NSM network security monitoring log files and how to work with them and  in last its introduce most common and useful tools for network forensics and real world and what purpose are they for such  as “tshark, capinfos , ngrep, nfdump, network miner, tcpflow , grep, tcpextract , mergecap , …” and after these its introduce full packet  indexing platform “Moloch” and talk about network traffic anomalies and what is purpose and how we have to work with full packet captured.

These are just a very small part of all cheat sheets and materials for this field and I am going to share more useful little files like this because I think these can help students of this field to find good stuff and practice with good and real world stuff.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Thanks. It is very useful and good for skills building. God bless you!

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?