This document discusses network forensics puzzles from DEFCON 2011. It provides instructions and solutions for 5 puzzles involving analyzing packet captures to find hidden clues and passwords. Key steps included using tools like tcpdump, tcpflow, foremost, grep, and NetworkMiner to extract files and identify hosts, protocols, and network activity that revealed the solutions.