CompTIA Security+ (SY0-601) — Question 738

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

Answer options

• A. Autopsy
• B. Memdump
• C. FTK imager
• D. Wireshark

Correct answer: D

Explanation

Wireshark is the most appropriate tool for analyzing pcap files, as it is specifically designed for network packet analysis. Autopsy, Memdump, and FTK imager are not suited for opening pcap files; they serve different purposes such as digital forensics and memory analysis.