Network Traffic Forensics is an AI agent skill published by agensi that enables structured, professional-grade network forensic investigations. It accepts packet captures (PCAP), flow records, and outputs from tools such as tshark, Zeek, and Wireshark, then applies a rigorous analytical methodology to reconstruct security incidents.
The skill addresses beaconing detection, lateral movement mapping, and protocol misuse during traffic reconstruction. For metadata analysis, it performs deep inspection of DNS queries, HTTP headers, TLS SNI fields, and certificate chains. From this analysis it generates forensic reporting artifacts including executive summaries, indicator of compromise (IoC) tables, and chronological event timelines. It also supports validation by aligning network evidence with endpoint logs and threat intelligence sources.
A key design goal is forensic rigor: the skill maintains chain of custody discipline, explicitly distinguishes between confirmed facts and working hypotheses, and flags evidence gaps rather than filling them with assumptions. The final output is a forensic dossier containing an evidence inventory, an analyst-grade event timeline, a categorized IoC list, and concrete validation actions suitable for incident response teams.
This skill is appropriate when an agent needs to go beyond generic AI summarization and apply a disciplined, repeatable forensic methodology to network data. It is not a live packet capture tool and does not replace dedicated network monitoring platforms.