Wireshark
CyberCorp1
βοΈ Spoiler alert! Case Details Artefacts in posession: memory dump, OS event logs, registry files, Prefetch files, $MFT file, ShimCache, AmCache, network traffic dumps.
π Network Traffic
Collection Most of the devices keep some logs. As for the network-related issues are switches, routers, firewalls, IDS and IPS, web proxies, DC and authentication servers, DCHP servers and application servers.
To Carry Out MockInv'estigation. Part 1
βSPOILER ALERT! π 16/06/2021 , Wednesday π° 09:21 PM. It was a very sunny day and a very nice a long walk that my daughter and I had before lunch.
π TCP
This article collects the basics of TCP protocol. Its friend UDP (transport layer protocol as well) is faster but less reliable.