Chapter 2. Laying Hands on the Evidence


"Unless you know where you are going, you won't know how to get there!"

 --Neil Strauss, The Rules of the Game

In this chapter, you will learn how to identify the different sources of evidence and get your hands on the evidence. You will learn how to acquire, manage, and handle the evidence to understand how a crime was committed.

The chapter will cover the following topics:

  • Identifying sources of evidence
  • Learning to handle the evidence
  • Collecting network traffic using tcpdump
  • Collecting network traffic using Wireshark
  • Collecting network logs
  • Acquiring memory using FTK Imager

Identifying sources of evidence

For any successful investigation, it is extremely important to successfully collect, collate, preserve, and ...
