When attempting to reconstruct an incident from a packet capture, which three things should an analyst pay special attention to? (Choose three.)

When attempting to reconstruct an incident from a packet capture, which three things should an analyst pay special attention to? (Choose three.)
A . IP addresses of hosts that may have been affected
B . the path that was used in the attack
C . the timeline of the attack
D . the tool used to produce the packet capture
E . the geo-location information in the IP header

View Answer

Answer: ABC