NCJ Number
195114
Date Published
2002
Length
20 pages
Annotation
This chapter describes two sets of tools that have been developed by the Network Security Group at Ohio State University for investigating network incidents.
Abstract
The author of this chapter describes two sets of tools that have been developed by the Network Security Group at Ohio State University for investigating incidents on their network. The first set of tools, called flow-tools, uses NetFlow records exported by Cisco routers. The second set of tools, called review, is useful for examining network traffic that has been captured with tcpdump. This chapter describes these tools as well as the underlying technology of NetFlow and tcpdump. Several case studies are presented to help explain the capabilities and appropriate use of these tools. Additionally, figures within the chapter show what the computer screen looks like when using flow-tools and review. Figures, references