This document discusses network forensics and packet analysis. It provides an introduction to network forensics methodology and considerations for network-based digital evidence. This includes challenges like volatility, scattering of evidence across multiple sources, and encryption. The document also discusses the scope and role of network forensics, including standards for evidence acquisition, storage, analysis, and forensic readiness. Finally, it provides tips and examples for using Wireshark to analyze network traffic and identify abnormal packets through built-in features and example packet capture files.