Network Forensics – Week 4

This week, we learned about the tools required to acquire evidence and analyze it. A pcap file can be used as evidence alongside many other sources.

Flow analysis is a technique for monitoring network activity to identify anomalies such as security or operational issues. It involves collecting real-time and historical records of network activity. It can also be used to detect malware activity, such as ransomware. Wireshark is one of the most popular and reliable tools for performing flow analysis.
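
To make the idea concrete, here is an added example (not part of the original post) that reads a pcap held in memory, groups its packets into 5-tuple flows, and reports hosts that open flows to many peers on one port. The function names, the sample addresses, and the choice of port 445 with a threshold of 5 are assumptions made for illustration.

```python
import socket
import struct
from collections import defaultdict

def build_pcap(packets):
    """Constructed test input: in-memory pcap (Ethernet, IPv4/TCP) from (ts, src, sport, dst, dport, payload_len)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, link type 1
    for ts, src, sport, dst, dport, plen in packets:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + bytes(plen)
        ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + socket.inet_aton(src) + socket.inet_aton(dst)
        frame = bytes(12) + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def flows_from_pcap(data):
    """Group IPv4 TCP/UDP packets into 5-tuple flows with packet, byte and time totals."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    off = 24
    while off + 16 <= len(data):
        ts, _usec, incl, orig = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue  # not TCP/UDP, or ports cut off by the snap length
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        key = (socket.inet_ntoa(frame[26:30]), sport, socket.inet_ntoa(frame[30:34]), dport, frame[23])
        f = flows[key]
        f["packets"] += 1
        f["bytes"] += orig            # on-the-wire length, not the captured length
        f.setdefault("first", ts)     # timestamp of the first packet in the flow
        f["last"] = ts
    return dict(flows)

def fan_out(flows, dport, threshold):
    """Sources with flows to at least `threshold` distinct hosts on `dport`."""
    peers = defaultdict(set)
    for src, _sport, dst, dp, _proto in flows:
        if dp == dport:
            peers[src].add(dst)
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= threshold}

# Constructed sample: one host touching five peers on 445, another making a single HTTPS flow.
SAMPLE = build_pcap([(100 + i, "10.0.0.5", 40000 + i, f"10.0.0.{10 + i}", 445, 0) for i in range(5)]
                    + [(200 + i, "10.0.0.7", 50000, "198.51.100.20", 443, 100) for i in range(3)])
```

Calling `fan_out(flows_from_pcap(SAMPLE), 445, 5)` flags only `10.0.0.5`; the three HTTPS packets collapse into a single flow record.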
