Source of Evidence

In this session we learned about sources of network-based evidence and the principles of the Internet.

Sources of evidence include on the wire, in the air, and routers. "On the wire" refers to the physical cabling that carries data over the network. Wiretapping can provide real-time network data. There are different tap types, such as the vampire tap, the surreptitious fiber tap and the infrastructure tap. A vampire tap punctures the insulation and touches the cables. A surreptitious fiber tap bends the cable and cuts the sheath, which exposes the light signal. An infrastructure tap plugs into connectors and replicates the signal.

The tool that we use to save the evidence packets is Wireshark in Kali Linux. After the packets have been captured, they are saved into a PCAP file inside the root folder of Kali Linux or the Wireshark folder in Windows.
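
As an added example (not part of the original post): once a capture has been saved, a short Python script can hash the file and walk its records so the evidence can be described in case notes and verified later. It assumes the classic PCAP format rather than pcapng; the function names and the two-packet sample capture are constructed for illustration.

```python
import hashlib
import struct

# Magic bytes as stored on disk -> (struct byte order, timestamp resolution)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),
}
LINKTYPES = {1: "Ethernet", 105: "IEEE 802.11"}


def summarize_pcap(data: bytes) -> dict:
    """Hash a classic PCAP image and walk every record to confirm it is intact."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic PCAP file (pcapng or another format?)")
    endian, unit = PCAP_MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    offset, packets, truncated, first_sec, last_sec = 24, 0, 0, None, None
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"record header cut off at byte {offset}")
        sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            raise ValueError(f"packet {packets + 1} data cut off at byte {offset}")
        first_sec = sec if first_sec is None else first_sec
        last_sec = sec
        packets += 1
        truncated += int(incl_len < orig_len)  # snaplen clipped this frame
        offset += 16 + incl_len
    return {"sha256": hashlib.sha256(data).hexdigest(), "version": f"{major}.{minor}",
            "timestamps": unit, "snaplen": snaplen,
            "linktype": LINKTYPES.get(linktype, str(linktype)), "packets": packets,
            "truncated": truncated, "first_sec": first_sec, "last_sec": last_sec}


def build_sample() -> bytes:
    """Constructed two-packet capture with dummy frame bytes, not real traffic."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    rec1 = struct.pack("<IIII", 1700000000, 0, 60, 60) + bytes(60)
    rec2 = struct.pack("<IIII", 1700000002, 500000, 64, 128) + bytes(64)
    return header + rec1 + rec2


if __name__ == "__main__":
    print(summarize_pcap(build_sample()))
```

To use it on a real capture, pass the file's bytes (read in binary mode) to `summarize_pcap` and record the SHA-256 alongside the packet count and time range.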
