Chapter 2. Laying Hands on the Evidence

In this chapter, you will learn how to identify the different sources of evidence and get your hands on the evidence. You will learn how to acquire, manage, and handle the evidence to understand how a crime was committed.

The chapter will cover the following topics:

• Identifying sources of evidence
• Learning to handle the evidence
• Collecting network traffic using tcpdump
• Collecting network traffic using Wireshark
• Collecting network logs
• Acquiring memory using FTK Imager