Problem
These tools and techniques allow investigators to gather information about computer users: recovering deleted files, reconstructing artifacts, and gathering as much evidence as possible. A forensic investigation effort may involve the collection of digital evidence and acquisition of data; examination, applying multiple techniques in order to identify and extract data; analysis of the data and resources to prove a case; and reporting or presenting the information gathered. Wireshark is used to analyze network traffic; Snort is used to track down network intruders in real time.