Week 5

In this session we learned about evidence acquisition. In evidence acquisition, it is required that we minimize our investigative footprint as much as possible.

Physical interception is passive packet acquisition: packets are captured, or sniffed, as they travel over a wire, using inline network taps, induction coils, vampire taps, or fiber-optic taps. On the software side, the tools used to capture and sniff packets are Wireshark, tcpdump, ngrep, and Nmap.

In this session we also learned about tcpdump and some of its options that can be used for analysis, which are:

  1. tcpdump -D (lists all network interfaces that tcpdump can capture on)
  2. tcpdump -i <interface> (captures and shows the packets seen on the given network interface)
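To see what the analysis side of this actually consumes, here is a minimal reader for the pcap savefile format that tcpdump writes with `-w` and reads back with `-r`. This is an added example for this write-up, not code from tcpdump or Wireshark; the two-packet capture it parses is constructed inline (the `192.0.2.x` addresses are documentation addresses, and the "DNS" payloads are placeholder bytes). It also shows the check a practitioner wants when an acquisition is cut short: a truncated trailing record is reported as missing rather than crashing the parse.

```python
"""Minimal pcap (tcpdump -w / -r) reader.  Added example; not tcpdump's own code.
All capture data below is constructed inline so the script runs offline."""
import socket
import struct
from typing import Dict, List

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def _ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header; checksum left zero, which is fine for an offline sample."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def _frame(src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 + UDP frame carrying `payload` (constructed sample traffic)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + _ipv4_header(src, dst, 17, len(udp)) + udp


def build_sample_pcap() -> bytes:
    """Constructed two-packet capture in little-endian pcap format (what tcpdump -w writes)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    frames = [
        (1700000000, 100, _frame("192.0.2.10", 40001, "192.0.2.53", 53, b"\x00\x01dns-query")),
        (1700000000, 250, _frame("192.0.2.53", 53, "192.0.2.10", 40001, b"\x00\x01dns-reply")),
    ]
    for ts_sec, ts_usec, frame in frames:
        # record header: ts_sec, ts_usec, captured length, original length
        out.append(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def _decode_ethernet(pkt: bytes) -> Dict:
    """Pull IPv4 addresses and TCP/UDP ports out of one Ethernet frame."""
    info: Dict = {"proto": "non-IP", "src": None, "dst": None, "sport": None, "dport": None}
    if len(pkt) < 14 or struct.unpack("!H", pkt[12:14])[0] != ETHERTYPE_IPV4:
        return info
    ip = pkt[14:]
    if len(ip) < 20:
        return info
    ihl = (ip[0] & 0x0F) * 4          # header length in bytes
    proto = ip[9]
    info["proto"] = PROTO_NAMES.get(proto, str(proto))
    info["src"] = socket.inet_ntoa(ip[12:16])
    info["dst"] = socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info


def parse_pcap(data: bytes) -> List[Dict]:
    """Decode all complete records; a truncated trailing record ends the parse cleanly."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"                   # file written on a big-endian host
    else:
        raise ValueError(f"unsupported magic 0x{magic:08x} (pcapng / nanosecond pcap not handled)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"link type {linktype} not handled")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        if off + 16 + incl_len > len(data):
            break                      # capture was cut short mid-record: stop, don't guess
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        rec = {"ts": ts_sec + ts_usec / 1e6, "caplen": incl_len, "len": orig_len,
               "snapped": incl_len < orig_len}   # True when snaplen trimmed the packet
        rec.update(_decode_ethernet(pkt))
        records.append(rec)
    return records


def format_record(rec: Dict) -> str:
    """One line per packet, in the spirit of tcpdump's default output."""
    if rec["src"] is None:
        return f'{rec["ts"]:.6f} {rec["proto"]}, length {rec["len"]}'
    return (f'{rec["ts"]:.6f} IP {rec["src"]}.{rec["sport"]} > {rec["dst"]}.{rec["dport"]}: '
            f'{rec["proto"]}, length {rec["len"]}')


if __name__ == "__main__":
    for rec in parse_pcap(build_sample_pcap()):
        print(format_record(rec))
```

Reading a saved file this way, rather than re-sniffing, keeps the investigative footprint small: the original capture is opened read-only and never modified, and the `snapped` flag tells you when tcpdump's snaplen trimmed a packet so you know the evidence is partial before drawing conclusions from it.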
