If you were tasked to put together a forensic toolkit of 25 tools or fewer, chances are Wireshark would be one of them, especially if you planned on dealing with packet captures. Because it is free, open source, and cross-platform, Wireshark makes a great packet capture and analysis tool for just about any forensic toolkit. Nevertheless, this staple tool has been around for so long (think back to the days of Ethereal) that we sometimes take it for granted. In this article we will explore a few tips and tricks that highlight why we like this tool so much.
By Tony Lee, Scientist at FireEye, Inc.
Jason Bevis, Managing Principal at FireEye Labs
The details behind successful security operations centers.
by Jason Bevis (CISSP, ISSMP, CRISC)
Combating the Insider Security Threat – A Security Awareness Exercise
by Jason Bevis (CISSP, ISSMP)