Evidence Category · 11 Questions

Network Traffic

Measures network traffic forensics.

Questions in This Category

Q043Exfiltrated data (flag in the secret field) in CAPTURE.PCAP?

Q044Exfiltration destination IP?

Q045Which HTTP method performed the exfil?

Q046Exfil destination host (Host header)?

Q047Internal client IP that exfiltrated?

Q121Transport protocol in CAPTURE.PCAP?

Q122Source port of the exfil connection?

Q123Destination port of the exfil connection?

Q157HTTP request path of the exfil?

Q171Magic number of the CAPTURE.PCAP file?

Q172HTTP method of the decoy (secondary) connection?