A packet capture was taken during a suspected data exfiltration event. The attacker used DNS tunneling to smuggle data out.
A Windows memory dump was captured from a compromised workstation. Use Volatility to identify the malicious process.