Week 4

In this session we were introduced to the tools that can be used to analyze files in order to find, sample, seal, and dissect the evidence obtained; in this case the file is a pcap file. The tools used in this session were tshark and Wireshark.

In this session we also learned about flow analysis, which is used to locate data in the operating system or to identify patterns in traffic. Various tools can be used for flow analysis, but Wireshark is typically used because it provides many different analysis methods and an easy-to-use GUI.
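To make the idea of flow analysis concrete, here is an added example (not from the session material) that groups packets exported by tshark into bidirectional TCP flows and ranks them by volume. The sample rows and the file name `capture.pcap` are constructed for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample of tshark field output (not from a real capture), e.g. from:
#   tshark -r capture.pcap -Y tcp -T fields -E separator=, \
#     -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len
SAMPLE = """\
1700000000.10,10.0.0.5,192.0.2.10,49152,443,74
1700000000.15,192.0.2.10,10.0.0.5,443,49152,74
1700000000.20,10.0.0.5,192.0.2.10,49152,443,583
1700000001.90,192.0.2.10,10.0.0.5,443,49152,1514
1700000002.00,10.0.0.7,198.51.100.3,50000,22,90
1700000062.00,10.0.0.7,198.51.100.3,50000,22,90
"""

def aggregate_flows(text):
    """Group packets into bidirectional TCP flows keyed by sorted endpoints."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    for row in csv.reader(text.splitlines()):
        if len(row) != 6 or not all(row):
            continue  # frames without IP/TCP fields export as empty columns
        ts, src, dst, sport, dport, length = row
        a, b = (src, int(sport)), (dst, int(dport))
        key = tuple(sorted((a, b)))  # same key for both directions
        f = flows[key]
        f["packets"] += 1
        f["bytes"] += int(length)
        t = float(ts)
        f["first"] = t if f["first"] is None else min(f["first"], t)
        f["last"] = t if f["last"] is None else max(f["last"], t)
    return dict(flows)

def top_flows(flows, n=5):
    """Return the n flows with the most bytes, largest first."""
    return sorted(flows.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

if __name__ == "__main__":
    for (a, b), f in top_flows(aggregate_flows(SAMPLE)):
        dur = f["last"] - f["first"]
        print(f"{a[0]}:{a[1]} <-> {b[0]}:{b[1]}  "
              f"pkts={f['packets']} bytes={f['bytes']} dur={dur:.2f}s")
```

The per-flow packet count, byte total, and duration are the kind of pattern Wireshark's Conversations statistics view summarizes in the GUI.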
