Complete the sentence to define network forensics.
Network forensics is the process of capturing, recording, and analyzing network [1] to detect and investigate security incidents.
Network forensics involves analyzing network traffic (data packets) to find evidence of attacks or unauthorized activity.
Complete the sentence to identify a common tool used in network forensics.
A popular open-source tool for capturing and analyzing network packets is called [1].
Wireshark is widely used by cybersecurity professionals to capture and inspect network packets in detail.
Fix the error in the sentence about network forensics data sources.
Network forensics primarily relies on analyzing [1] logs to trace malicious activity.Network forensics focuses on network logs, such as packet captures and flow records, to investigate incidents.
Fill both blanks to complete the network forensics process steps.
The first step in network forensics is [1] data, followed by [2] the data for analysis.
The process starts with capturing network data, then filtering it to focus on relevant information.
Fill all three blanks to complete the dictionary comprehension that filters suspicious IP addresses.
suspicious_ips = {ip[1]: count for ip, count in ip_counts.items() if count [2] [3]This code converts IP addresses to lowercase, then selects those with a count greater than 100, indicating suspicious activity.