Chapter 2. Laying Hands on the Evidence

	"Unless you know where you are going, you won't know how to get there!"
	--Neil Strauss, The Rules of the Game

In this chapter, you will learn how to identify the different sources of evidence and get your hands on the evidence. You will learn how to acquire, manage, and handle the evidence to understand how a crime was committed.

The chapter will cover the following topics:

Identifying sources of evidence
Learning to handle the evidence
Collecting network traffic using tcpdump
Collecting network traffic using Wireshark
Collecting network logs
Acquiring memory using FTK Imager

Identifying sources of evidence

For any successful investigation, it is extremely important to successfully collect, collate, preserve, and ...

Get Learning Network Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning Network Forensics by Samir Datt

Chapter 2. Laying Hands on the Evidence

Identifying sources of evidence

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly