intrusion to laptop

I’m pretty new with Wireshark. I'm trying to prove that some files were intentionally altered by some intrusion to my laptop. When first finding these files having been changed, I started capturing my network connection with Wireshark. The names have obviously been changed, but I’m looking for some forensic evidence in the packets I've captured as to how this was done. Is there a way to show a file that was created and named ExampleFile at a specific time/date, then, at a later time/date, was changed to ExampleFileAltered?