f:["$","$L17",null,{"module":{"slug":"module-16","title":"Network Forensics","description":"Reconstructing files and user activity from PCAP data.","order":16,"sections":[{"id":"extraction","title":"File Extraction","type":"content","content":"\n < div class=\"space-y-4\" >\n

Wireshark isn't just for looking at headers. You can pull files out of the air.

\n < div class=\"bg-blue-900/20 p-4 rounded border border-blue-500/30\" >\n

\n File -> Export Objects -> HTTP \n < br >
\n This will reconstruct any images, PDFs, or executables transferred over unencrypted HTTP.\n Great for proving malware delivery.\n

\n \n \n "},{"id":"scenarios","title":"The Evidence","type":"content","content":"\n < div class=\"space-y-2\" >\n

Webmail

\n < p class=\"text-xs text-zinc-500\" > Recovering deleted emails from cached IMAP packets.

\n < div class=\"p-2 bg-zinc-900 rounded\" >\n

VoIP

\n < p class=\"text-xs text-zinc-500\" > Replaying captured voice calls(RTP streams).

\n \n \n "},{"id":"quiz","title":"Forensics Quiz","type":"quiz","quizQuestions":[{"id":1,"type":"multiple-choice","question":"Which protocol is used for transporting voice data in VoIP calls?","options":["RTP","SIP","HTTP","FTP"],"correct":"RTP"}]}]},"courseSlug":"network-security","nextModuleSlug":"module-17"}]