Introduction

In this lab walkthrough, we will analyze a network traffic capture (PCAP) file to investigate a potential data exfiltration incident involving stealer malware. The captured traffic records an infected system's activities, including DNS requests, HTTP file downloads, email transmissions, and encrypted data transfers. Our goal is to reconstruct the attack timeline, identify key indicators of compromise (IoCs), and determine the methods the malware used to extract sensitive information from the victim's machine.

We will use Wireshark, a network analysis tool, to filter and examine the protocols involved (TCP, DNS, HTTP, and SMTP) and trace how the malware communicated with external servers. By dissecting packet-level details, we can extract crucial artifacts, including malicious file downloads, email credentials, and stolen data transmissions. CyberChef will be used to decode encoded payloads and recover valuable intelligence from the exfiltrated data.

As the analysis progresses, we will cover several aspects of network forensics: identifying the most active hosts, tracking down command and control (C2) communications, and uncovering how the malware exfiltrates stolen information. By piecing together these digital footprints, we will gain a comprehensive understanding of how attackers operate and how organizations can detect and mitigate similar threats in real-world scenarios. This investigation emphasizes the importance of network monitoring, anomaly detection, and proactive cybersecurity measures in defending against data theft and unauthorized access.

