Network captures, or packet captures, are essential to digital forensics. First, they serve as a primary source of evidence because they provide a detailed record of network communication: which systems were communicating, when (timestamps), the source and destination IP addresses, and even which protocols were in use. Obtaining a network capture also allows one to reconstruct the events that took place. Depending on how much network traffic was captured, you can understand what occurred before and even after the incident.
You have probably used Wireshark in other courses, but let us quickly review it. I will also demonstrate other Wireshark features, such as filtering for specific data (specific ports, protocols, and IP addresses), extracting data, and more.
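As an added example (not part of the course material, Wireshark or NetworkMiner), here is a minimal Python reader for the libpcap file format that pulls out exactly the fields listed above (timestamp, source and destination IP, protocol, ports) and then applies the same kind of IP/port/protocol filter a Wireshark display filter does. The capture it parses is constructed inline, and the function names are my own.

```python
import struct
from datetime import datetime, timezone

def parse_pcap(data):
    """Read a little-endian libpcap file (Ethernet link type) into per-packet summaries."""
    magic, linktype = struct.unpack_from("<I", data, 0)[0], struct.unpack_from("<I", data, 20)[0]
    assert magic == 0xA1B2C3D4 and linktype == 1, "expects microsecond pcap with Ethernet frames"
    records, off = [], 24                       # 24-byte global header precedes the first record
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # keep only IPv4 over Ethernet
            continue
        ip = frame[14:]
        proto, l4 = ip[9], ip[(ip[0] & 0x0F) * 4:]          # IHL gives the IPv4 header length
        ports = struct.unpack_from("!HH", l4, 0) if proto in (6, 17) and len(l4) >= 4 else (None, None)
        records.append({
            "time": datetime.fromtimestamp(ts_sec + ts_usec / 1e6, tz=timezone.utc).isoformat(),
            "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "proto": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
            "sport": ports[0], "dport": ports[1],
        })
    return records

def filter_packets(records, ip=None, port=None, proto=None):
    """Same idea as a Wireshark display filter, e.g. ip.addr==10.0.0.5 && tcp.port==80."""
    return [r for r in records
            if (ip is None or ip in (r["src"], r["dst"]))
            and (port is None or port in (r["sport"], r["dport"]))
            and (proto is None or r["proto"] == proto)]

# Constructed sample capture (no checksums, bare L4 headers; enough for the parser above).
def _frame(src, dst, proto, sport, dport):
    l4 = struct.pack("!HH", sport, dport) + b"\0" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4

def _pcap(frames, t0=1_700_000_000):
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", t0 + i, 0, len(f), len(f)) + f
                             for i, f in enumerate(frames))

SAMPLE_PCAP = _pcap([
    _frame("10.0.0.5", "203.0.113.10", 6, 51000, 80),   # client -> web server
    _frame("203.0.113.10", "10.0.0.5", 6, 80, 51000),   # server reply
    _frame("10.0.0.5", "10.0.0.1", 17, 53001, 53),      # DNS lookup
    _frame("10.0.0.9", "10.0.0.5", 6, 50123, 22),       # SSH from another internal host
])
```

Running `filter_packets(parse_pcap(SAMPLE_PCAP), ip="10.0.0.5", proto="TCP")` returns the three TCP packets involving that host, each with its timestamp, endpoints and ports, which is the same view a display filter gives you in Wireshark.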
Download https://www.wireshark.org/
NetworkMiner is another tool for viewing network captures. It has many useful features and makes locating information quick and easy. However, we will use the free edition, so some features will not be available.
Download https://www.netresec.com/?page=NetworkMiner
Sample files: https://share.netresec.com/s/nF5zNcaXLgwdQFZ