Network traffic analysis is pretty awesome and can provide a wealth of forensic information. This hands-on workshop starts with a quick overview of the the basics of how traffic flows and progresses to file carving and other advanced activities. I build my own packet captures to demonstrate a variety of protocols and network activity, both benign and malicious. Participants only need their laptop, Wireshark, and packet captures that will be provided via a Google Drive link. For those without devices, there is still value in watching the walk-throughs. I have given similar workshops in the past but always have new captures to keep it fresh.