network-forensics


Network Forensics

Comprehensive network forensics skill for analyzing packet captures, network flows, and communication patterns. Enables reconstruction of network sessions, detection of malicious traffic, extraction of transferred files, and identification of command and control communications.

Capabilities

  • PCAP Analysis: Parse and analyze packet capture files (PCAP, PCAPNG)
  • Session Reconstruction: Rebuild TCP sessions and application-layer conversations
  • Protocol Analysis: Deep inspection of HTTP, DNS, SMTP, FTP, SMB, and other protocols
  • File Extraction: Carve files transferred over network protocols
  • C2 Detection: Identify command and control communication patterns
  • DNS Analysis: Analyze DNS queries, detect tunneling and DGA domains
  • TLS/SSL Analysis: Inspect encrypted-traffic metadata and analyze certificates
  • NetFlow Analysis: Analyze network flow data for traffic patterns
  • Lateral Movement Detection: Identify internal reconnaissance and movement
  • Exfiltration Detection: Detect data exfiltration attempts

Installs: 16
GitHub Stars: 4
First Seen: Jan 25, 2026