1. Download the dump file
2. Hash the file
3. Using TCPxtract recover the files (categorised) OR
4. Using NetworkMiner, try to recover the files, and other information from the dump.
Now grab any 2 of the extracted files and place them within as accurate a timeline as you can determine and analyse the source of these files as well as any surrounding activity that might be relevant.
Examples of information that you may gather: Open TCP ports, Number of packets received for a given session associated with an extracted file(s), Host type, which sessions prompted for usernames and passwords, etc.
This assessable should be presented in the form of a short report (< 1500 words