# Workflows - Packet Capture Analysis

## Workflow: PCAP Forensic Investigation

```
Open PCAP in Wireshark
    |
Review protocol hierarchy (Statistics > Protocol Hierarchy)
    |
Identify top talkers (Statistics > Endpoints)
    |
Filter for suspicious protocols/ports
    |
Extract files (File > Export Objects)
    |
Analyze DNS for C2 domains
    |
Detect beaconing patterns
    |
Extract credentials from clear-text protocols
    |
Generate investigation report
```
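
One way to carry out the "Detect beaconing patterns" step once connection start times have been exported from the capture as CSV. This is an added example, not part of the original workflow. The column layout, the sample addresses and timestamps, and the `min_events` / `max_cv` thresholds are assumptions made for illustration.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample (not from a real capture): second offsets for two flows,
# rendered as CSV rows of epoch time, source, destination, destination port.
_BASE = 1700000000
_TIMER = [0.0, 60.2, 120.1, 179.9, 240.3, 300.0, 360.1, 419.8]
_HUMAN = [3, 5, 48, 52, 190, 400, 405]
SAMPLE_CSV = (
    "frame.time_epoch,ip.src,ip.dst,tcp.dstport\n"
    + "".join(f"{_BASE + t},10.0.0.5,203.0.113.10,443\n" for t in _TIMER)
    + "".join(f"{_BASE + t},10.0.0.7,198.51.100.20,443\n" for t in _HUMAN)
)


def find_beacons(csv_text, min_events=6, max_cv=0.10):
    """Return flows whose gaps between connections are near-constant.

    cv is stdev/mean of the inter-arrival gaps; the thresholds are
    illustrative defaults, not values from the workflow.
    """
    flows = defaultdict(list)
    for row in csv.reader(io.StringIO(csv_text)):
        try:
            ts, src, dst, port = float(row[0]), row[1], row[2], int(row[3])
        except (ValueError, IndexError):
            continue  # header line, blank row, or non-TCP row with empty port
        flows[(src, dst, port)].append(ts)

    findings = []
    for flow, times in flows.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        if mean <= 0:
            continue  # all events share one timestamp
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"flow": flow, "events": len(times),
                             "interval_s": round(statistics.median(gaps), 1),
                             "cv": round(cv, 3)})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    print(find_beacons(SAMPLE_CSV))
```

A flagged flow is a lead for the report rather than a verdict: scheduled update checks and monitoring agents also connect on a timer, so check the destination against the DNS and top-talker findings from the earlier steps.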