Summary

In this chapter, we learned a lot. We started by making use of client-side SSL key log files to decrypt SSL/TLS sessions. Then we looked at malicious DNS query responses that carry command and control data. We explored WEP and WPA2 decryption by cracking the password with the Aircrack-ng suite and then using the recovered decryption keys in Wireshark. We also went through a small snippet of Python code to segregate and decode data. Finally, we looked at a USB keyboard capture file and decoded the keystrokes the user pressed at the time the PCAP file was recorded. This is the end of our preparation phase, and we will now jump into the hands-on side of things. We will be making use of the lessons and techniques learned in the first five chapters, and based on the knowledge we gained, we will try to solve the challenges in the upcoming chapters.
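The USB keyboard step in this summary is the one most easily carried over as a reusable tool, so here is an added example (not code from the book or its author) that turns the HID boot-protocol keyboard reports found in a USB capture back into the typed text. It assumes the reports were exported as hex strings, for instance the `usb.capdata` field that tshark prints for each USB interrupt packet; the sample reports at the bottom are constructed for this example and spell "Hi!" followed by Enter. The decoder also handles the two details that trip up naive scripts: a key that is held across several reports must not be emitted twice, and Backspace must remove the previous character.

```python
"""Decode USB HID keyboard (boot protocol) reports into the keystrokes they represent.

Each report is 8 bytes: [modifiers, reserved, key1..key6]. Key codes follow the USB HID
Usage Tables, keyboard page (0x07); only a common subset is mapped here.
"""
from typing import Iterable, List

# HID usage ID -> (unshifted character, shifted character), US layout.
KEYMAP = {}
for i, c in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (c, c.upper())
for i, (num, sym) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (num, sym)
KEYMAP.update({
    0x28: ("\n", "\n"),   # Enter
    0x2B: ("\t", "\t"),   # Tab
    0x2C: (" ", " "),     # Space
    0x2D: ("-", "_"),
    0x2E: ("=", "+"),
    0x2F: ("[", "{"),
    0x30: ("]", "}"),
    0x33: (";", ":"),
    0x34: ("'", '"'),
    0x36: (",", "<"),
    0x37: (".", ">"),
    0x38: ("/", "?"),
})
BACKSPACE = 0x2A
ERROR_ROLLOVER = 0x01      # all six slots set to 0x01 means "too many keys", not a keystroke
SHIFT_MASK = 0x02 | 0x20   # left shift (bit 1) or right shift (bit 5) in the modifier byte


def parse_capdata(lines: Iterable[str]) -> List[bytes]:
    """Turn hex strings (with or without ':' separators, as Wireshark/tshark print them) into raw reports."""
    reports = []
    for line in lines:
        hexstr = line.strip().replace(":", "")
        if hexstr:
            reports.append(bytes.fromhex(hexstr))
    return reports


def decode_reports(reports: Iterable[bytes]) -> str:
    """Replay a sequence of 8-byte keyboard reports and return the text that was typed."""
    typed: List[str] = []
    held = set()  # key codes already down in the previous report
    for rep in reports:
        if len(rep) != 8:
            raise ValueError(f"expected an 8-byte boot-protocol report, got {len(rep)} bytes")
        shifted = bool(rep[0] & SHIFT_MASK)
        pressed = [k for k in rep[2:8] if k]
        if pressed and all(k == ERROR_ROLLOVER for k in pressed):
            continue  # phantom-state report carries no usable keystroke
        for k in pressed:
            if k in held:
                continue  # still held from the previous report: not a new keystroke
            if k == BACKSPACE:
                if typed:
                    typed.pop()
            elif k in KEYMAP:
                typed.append(KEYMAP[k][1 if shifted else 0])
            else:
                typed.append(f"[0x{k:02x}]")  # unmapped usage: keep it visible rather than drop it
        held = set(pressed)
    return "".join(typed)


def decode_capdata(lines: Iterable[str]) -> str:
    return decode_reports(parse_capdata(lines))


# Constructed sample: Shift+h, release, i, release, Shift+1, release, Enter, release -> "Hi!\n"
SAMPLE_CAPDATA = [
    "02000b0000000000", "0000000000000000",
    "00000c0000000000", "0000000000000000",
    "02001e0000000000", "0000000000000000",
    "0000280000000000", "0000000000000000",
]

if __name__ == "__main__":
    print(repr(decode_capdata(SAMPLE_CAPDATA)))
```

To run it against a real capture, export the reports with something like `tshark -r capture.pcap -Y usb.capdata -T fields -e usb.capdata` (filtering on the keyboard's device address first, so mouse or other interrupt traffic is not mixed in) and feed the resulting lines to `decode_capdata`.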

In the next chapter, we will look at live malware samples, and we will perform network forensics over them. We will develop strategies to unfold the root cause of the malware deployment, and find vital details, such as the first point of entry in the network.
