Use Wireshark, tcpdump, ngrep, and$/$or other network tools to answer the following quesEons about

the packet capture file charade$\_$capture.pcap, found in the following folder on you Cyber Range

Forensics Environment.

$ cd $/$home$/$student$/$Desktop$/$cases$/03\_$Network$-$Captures

$1.$ What is the start date and Eme for the capture?

$2.$ How many total packets are captured?

$3.$ What is the top $($most used$)$ applicaEon$-$layer protocol in the capture?

$4.$ Find the first DHCP request in the capture.

a$.$ What is the hostname of the requesEng system?

$1$

CS$521$ Digital Forensics

Term: Winter $2024$

b$.$ What IP address was assigned to the requester?

c$.$ Can you idenEfy the manufacturer of the client system? How?

d$.$ What is the IP address of the DNS server idenEfied in the DHCP response?

e$.$ What is the duraEon of the lease?

$5.$ Websites:

a$.$ List a few websites visited by the computer at the IP listed above.

b$.$ Is there any indicaEon from web traffic that the user was looking for a new job? If so$,$ list those

websites.

$6.$ There are three emails from the address in$5$id$3$r$.$thr$34$t@aol.com.

a$.$ What is the name of the apparent owner of that email address?

b$.$ Who are the recipients of those three emails?

c$.$ One of the emails contains an image file. What is the name of the file?

d$.$ Can you $$carve$$ the image from the network traffic? What is the address of the locaEon

depicted in the image?