Chapter 2.1 - Packet Analysis & Protocol Dissection
Master packet capture, Wireshark, tcpdump, and protocol dissection to detect C2 beacons, exfiltration, port scans, and protocol abuse.
Reconstruct attacks from packet captures, NetFlow, Zeek logs, and correlated auth/DNS/proxy logs. Covers chain of custody and MITRE ATT&CK mapping.