Data Ingestion

Logs provide a detailed, chronological record of events, which is necessary for investigating security incidents.

Without data flowing in, there is nothing to look at!

PCAP

Understanding and analyzing packet-level evidence in pcap files.

Details

Work in progress.

Subsections of Data Ingestion

PCAP

Packet Capture (PCAP) files record raw network packets. Tools like Wireshark and tcpdump capture traffic from a network interface and store it as pcap files.

With the network activity stored in these files, we can investigate and analyze traffic at the packet level.
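To make the packet-level view concrete, the following added example (not code from the original page) writes and reads the classic libpcap container format that tcpdump and Wireshark produce, with bounds checks a parser should apply before trusting a capture, and decodes Ethernet/IPv4/UDP headers out of each record. The two frames, their addresses, MACs and timestamps are constructed for illustration; the example assumes the classic pcap format only, not pcapng.

```python
"""Minimal classic-pcap (libpcap) writer/reader with an Ethernet/IPv4/UDP decoder.

Added example. The sample frames, addresses and timestamps are constructed for
illustration; only the classic pcap container is handled, not pcapng.
"""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterator, List

PCAP_MAGIC_LE = 0xA1B2C3D4  # microsecond-resolution magic as read from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1  # the same magic as it appears when the file is big-endian
LINKTYPE_ETHERNET = 1


@dataclass
class Packet:
    ts_sec: int
    ts_usec: int
    data: bytes  # captured bytes, starting at the link-layer (Ethernet) header


def write_pcap(packets: List[Packet], linktype: int = LINKTYPE_ETHERNET) -> bytes:
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, linktype)
    for p in packets:
        # Record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
        out += struct.pack("<IIII", p.ts_sec, p.ts_usec, len(p.data), len(p.data)) + p.data
    return out


def read_pcap(blob: bytes) -> Iterator[Packet]:
    """Yield packet records, refusing files whose length fields do not match the data."""
    if len(blob) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    _major, _minor, _tz, _sigfigs, snaplen, _linktype = struct.unpack(end + "HHiIII", blob[4:24])
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        # A record claiming more bytes than the snaplen or than remain in the file is malformed.
        if incl_len > snaplen or off + incl_len > len(blob):
            raise ValueError("malformed packet record at offset %d" % (off - 16))
        yield Packet(ts_sec, ts_usec, blob[off:off + incl_len])
        off += incl_len
    if off != len(blob):
        raise ValueError("trailing bytes after the last complete record")


def is_well_formed(blob: bytes) -> bool:
    """True if every record in the capture parses cleanly."""
    try:
        list(read_pcap(blob))
        return True
    except ValueError:
        return False


def ipv4_checksum(header: bytes) -> int:
    total = sum((header[i] << 8) + header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/UDP frame (MAC addresses are made up for the example)."""
    eth = bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002") + struct.pack("!H", 0x0800)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum 0 = absent
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in the header checksum
    return eth + ip + udp


def summarize(pkt: Packet) -> Dict[str, object]:
    """Decode Ethernet, IPv4 and UDP headers into the fields an analyst looks at first."""
    d = pkt.data
    if len(d) < 14:
        return {"error": "short frame"}
    ethertype = struct.unpack("!H", d[12:14])[0]
    info: Dict[str, object] = {"ts": pkt.ts_sec + pkt.ts_usec / 1e6, "ethertype": ethertype}
    if ethertype != 0x0800 or len(d) < 34:
        return info  # not IPv4, or too short to hold an IPv4 header
    ip = d[14:]
    ihl = (ip[0] & 0x0F) * 4
    info.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]), proto=ip[9],
                ip_checksum_ok=ipv4_checksum(ip[:ihl]) == 0)  # a valid header sums to zero
    if ip[9] == 17 and len(ip) >= ihl + 8:
        sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
        info.update(sport=sport, dport=dport, payload=ip[ihl + 8:ihl + ulen])
    return info


def summarize_pcap(blob: bytes) -> List[Dict[str, object]]:
    return [summarize(p) for p in read_pcap(blob)]


# Constructed sample capture: a UDP query to port 53 and its reply, 250 ms apart.
SAMPLE_PACKETS = [
    Packet(1700000000, 0, build_udp_frame("10.0.0.5", "10.0.0.53", 51234, 53, b"constructed query")),
    Packet(1700000000, 250000, build_udp_frame("10.0.0.53", "10.0.0.5", 53, 51234, b"constructed reply")),
]
SAMPLE_PCAP = write_pcap(SAMPLE_PACKETS)

if __name__ == "__main__":
    for row in summarize_pcap(SAMPLE_PCAP):
        print(row)
```

The bytes produced by write_pcap can be saved to a file and opened in Wireshark or tcpdump, which is a quick way to confirm that a hand-rolled parser agrees with the standard tools. The length checks in read_pcap matter in practice: a capture with a corrupted or deliberately inflated incl_len field should be rejected, not read past the end of the buffer.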

Sample PCAP files

We can generate our own traffic, but there are also free, publicly available pcap files, for example from Netresec.

Details

Work in progress.