Scenario:

This task is about pcap analysis, elementary forensics, and coding principles. Here's the scenario:

Employee Tom, who oversees a forensics expert named Harry at Company X$,$ encountered a security

breach when his laptop got infected with malware during an internet session at a caf$.$ The company

has secured the laptop's packet capture and initially handed it over to Harry before he unexpectedly

resigned. Now, Company X has enlisted your expertise to unravel the incident. It's important to note

that this packet capture is infected with malware. You are advised to manage the malware securely$,$

ensuring it's executed only within a virtual machine $($VM$)$ in a cybersecurity laboratory or on a VM

within your personal setup.

Setup:

$1.$ Ensure you have a secure environment for malware analysis. Use a Virtual Machine $($VM$)$

isolated from your network to prevent accidental spread of malware.

$2.$ Install necessary tools for pcap analysis $($e$.$g$.,$ Wireshark, tcpdump$).$

Analysis:

$1.$ Open the pcap file in Wireshark.

$2.$ Identify Tom's laptop IP and MAC addresses by examining the packets. Look for consistent

source IP addresses and the associated MAC addresses in ARP requests or the Ethernet layer

of IP packets.

$3.$ Analyze the packet flows to understand the communication pattern. Look for unusual or

suspicious flows that might indicate malware activity.

Report Submission:

$$ Document the IP and MAC addresses of Tom's laptop.

$$ Describe the identified flows and highlight any that are indicative of malware activity