With today’s malicious software and myriad of network aware client-side software, one of the tools that should be in the forensic analysts’ toolbox is a response system for data collection and analysis. This presentation will provide a cookbook approach to build a forensic workstation using several virtual environments, which when installed together with supplemental hardware, provide a network forensic tool for portable incident response and Network Forensic Analysis. All of the techniques presented can be easily adapted to provide a malware analysis lab.