Network communications are a critical component to most forensic casework and threat hunting operations. This poster helps bring clarity to the types and sources of network-based evidence, how to convert full-packet data to other, more rapidly examined formats, the tools used to query that evidence, and general use cases for network data in typical DFIR operations.
