Create lab5-network-forensics.md

Author: ngvuthdanhh

labs/lab5-network-forensics.md

@@ -0,0 +1,15 @@
+# Lab 5 – Network Forensics
+
+## Objective
+Investigate network captures to identify malicious communication.
+
+## Tasks
+1. Analyze PCAP data with Wireshark.
+2. Identify C2 traffic, exfiltration, or scans.
+3. Extract files from PCAP.
+4. Correlate network activity with endpoint artifacts.
+
+## Expected Output
+- PCAP findings  
+- Extracted artifacts  
+- Attack-flow diagram