This is a 1 day workshop that provides a foundation for investigating malicious network traffic. It begins with investigation concepts, using Wireshark, and identifying hosts in network traffic. The workshop then covers characteristics of malware infections and suspicious network traffic. Participants will learn how to determine the root cause of an infection. The workshop concludes with an evaluation in reviewing traffic and drafting an incident report.