Network Artifact Primer for Forensics

PCAP-adjacent skills for people who usually live on disk: DNS, HTTP headers, and TLS metadata stories.

  • 3 weeks · async
  • Async
  • Digital Evidence Basics
  • 176,000 KRW

Overview

You stay inside the forensics framing: what to export, how to time-align with disk events, and how to avoid over-reading partial captures. Labs use canned PCAP slices so you are not chasing live internet variance.

What is included

  • Time-alignment worksheet linking DNS to filesystem writes
  • Three PCAP slices with guided questions
  • Export recipes for common enterprise proxies
  • Office hour on TLS metadata limitations

Outcomes

  1. Narrate a DNS spike against a disk timeline without causal overreach
  2. List three TLS metadata fields you will not over-interpret alone

FAQ

Wireshark depth?

Enough to navigate and filter confidently. We are not training protocol reverse engineers.

Live capture?

No. Only archived slices to keep scope predictable.

Omissions

Active Directory replication forensics is not included.

Learner notes

  • “DNS-to-disk alignment exercise was the first networking bridge that stuck.”