medium
Single Answer

A Windows system that Maria is responsible for has been experiencing service outages. The outages correspond to processes run on another system in the datacenter, and Maria believes that unexpected traffic may be sent to the Windows system. Which of the following data sources should Maria use to best understand what is happening?

Answer Options

A

Perform a packet capture.

B

Enable a network firewall.

C

Use SIEM logs.

D

Perform a forensic drive copy.

Correct Answer: A

Explanation

A packet capture will show attempts to connect to the service and will help Maria determine whether unexpected traffic is reaching the system. A network firewall could stop the traffic, but analyzing the traffic itself is best done with a packet capture. SIEM logs may be useful as part of the analysis, but a packet capture will provide more information. A forensic drive copy is not useful for reviewing network traffic.