Dissecting Evidence

We learn some tools for dissecting evidence that has been gathered. Most of the time, the files that need to be investigated are PCAP files. Tools such as Wireshark, tcpflow, pcapcat and tcpxtract can be used to do flow analysis and to dissect the packets. Wireshark is one of the most popular and can be used on both Kali and Windows.

There are also different flow analysis techniques, such as:
1. listing conversations and flows
2. exporting a flow
3. file and data carving
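As an added example (not code from the original post or from any of the tools named), a stdlib-only Python sketch of the first two techniques, listing TCP conversations and exporting one direction of a flow, run over a constructed capture. The libpcap, Ethernet, IPv4 and TCP layouts are the standard ones; the addresses, ports and payloads in the sample are made up.

```python
import struct
def parse_pcap(data):
    """Yield raw frames from a little-endian classic libpcap blob (pcapng is not handled)."""
    off = 24                                            # skip the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack("<IIII", data[off:off + 16])[2]   # ts_sec, ts_usec, incl_len, orig_len
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl
def tcp_fields(frame):
    """Dissect Ethernet/IPv4/TCP into (src, sport, dst, dport, seq, payload); None if not TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    src, dst = (".".join(map(str, frame[14 + i:18 + i])) for i in (12, 16))
    tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]   # bounded by IPv4 total length
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return src, sport, dst, dport, seq, tcp[(tcp[12] >> 4) * 4:]
def conversations(data):
    """List bidirectional TCP conversations: sorted endpoint pair -> [packets, payload_bytes]."""
    convs = {}
    for f in filter(None, map(tcp_fields, parse_pcap(data))):
        c = convs.setdefault(tuple(sorted([(f[0], f[1]), (f[2], f[3])])), [0, 0])
        c[0], c[1] = c[0] + 1, c[1] + len(f[5])
    return convs
def export_flow(data, src, sport, dst, dport):
    """Reassemble one direction of a flow by TCP sequence number, dropping retransmitted bytes."""
    segs = sorted((f[4], f[5]) for f in filter(None, map(tcp_fields, parse_pcap(data)))
                  if f[:4] == (src, sport, dst, dport) and f[5])
    out, nxt = b"", None
    for seq, payload in segs:
        if nxt is not None and seq < nxt:               # overlap: keep only the new bytes
            payload, seq = payload[nxt - seq:], nxt
        out, nxt = out + payload, seq + len(payload)    # gaps (lost segments) are not flagged

    return out
def _frame(src, sport, dst, dport, seq, payload):       # Ethernet/IPv4/TCP, checksums left zero
    ipb = lambda s: bytes(map(int, s.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, ipb(src), ipb(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp
def _pcap(frames):                                      # libpcap header (link type 1 = Ethernet) + records
    recs = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + recs
SAMPLE_PCAP = _pcap([   # constructed sample capture, not a real one: one HTTP exchange, one TLS hello
    _frame("10.0.0.5", 51000, "203.0.113.7", 80, 1000, b"GET /logo.png HTTP/1.0\r\n\r\n"),
    _frame("203.0.113.7", 80, "10.0.0.5", 51000, 2019, b"\x89PNG\r\n\x1a\n"),          # captured out of order
    _frame("203.0.113.7", 80, "10.0.0.5", 51000, 2000, b"HTTP/1.0 200 OK\r\n\r\n"),
    _frame("203.0.113.7", 80, "10.0.0.5", 51000, 2000, b"HTTP/1.0 200 OK\r\n\r\n"),   # retransmission
    _frame("10.0.0.5", 51002, "203.0.113.9", 443, 1, b"\x16\x03\x01\x00\x05hello"),
])
```

The exported server-to-client stream comes out in sequence order with the duplicate segment removed, which is the same view Wireshark's "Follow TCP Stream" gives; carving would then search that reassembled buffer for file signatures such as the PNG header.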
