Evidence Acquisition

In this class we learned about evidence acquisition. The best possible outcome is perfect-fidelity evidence with no impact on the network environment. A zero-footprint investigation is not achievable, however clean the method, so maximum effort must go into minimizing the investigative footprint.

Physical interception is capturing (sniffing) packets directly off the medium. The hardware options for this are:
1. Inline Network Tap (note: inserting an inline tap requires briefly breaking the link, which is itself a footprint)
2. Induction Coil
3. Fiber Optic Taps

Software used to capture and sniff packets:
1. Wireshark
2. tcpdump
3. ngrep
4. nmap (note: nmap is an active scanner that sends its own probe packets, not a passive sniffer, so it adds to the investigative footprint and should not be used where a quiet capture is required)
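As an added example (not code from the original notes), here is a small POSIX shell wrapper around tcpdump that captures with the flags that keep the footprint minimal, then seals the capture in a manifest with its SHA-256 digest and the exact command used, so later analysis can show the evidence is unchanged since acquisition. The function names, the manifest format and the choice of SHA-256 are my own assumptions; tcpdump must run as root and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: low-footprint tcpdump acquisition plus an integrity record.
# Assumptions: caller supplies interface, output file and manifest path;
# tcpdump runs as root; sha256sum or shasum is installed.

# Build the tcpdump command line. Each flag serves the goals in the notes:
#   -i IFACE    capture interface; on a tap or SPAN port leave it without an
#               IP address so the capture host itself emits nothing on it
#   -n          never resolve names, so tcpdump sends no DNS queries
#   -s 0        full snapshot length: do not truncate packets
#   -U          flush each packet to the file as it arrives
#   -w FILE     write raw packets to a pcap file rather than to the terminal
#   -G S -W 1   (optional) tcpdump's own timed capture: stop after S seconds
build_capture_cmd() {
    iface="$1"
    outfile="$2"
    secs="$3"
    if [ -n "$secs" ]; then
        printf 'tcpdump -i %s -n -s 0 -U -G %s -W 1 -w %s\n' "$iface" "$secs" "$outfile"
    else
        printf 'tcpdump -i %s -n -s 0 -U -w %s\n' "$iface" "$outfile"
    fi
}

# SHA-256 of a file, with a fallback for systems that ship shasum instead.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Append an acquisition record (digest, file, UTC time, exact command) to the
# manifest and print the digest. Fails if the capture file does not exist.
record_evidence() {
    capture="$1"
    manifest="$2"
    cmdline="$3"
    [ -f "$capture" ] || { echo "no such capture: $capture" >&2; return 1; }
    digest=$(sha256_of "$capture")
    printf '%s  %s  %s  %s\n' "$digest" "$capture" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$cmdline" >> "$manifest"
    printf '%s\n' "$digest"
}

# Return 0 only if the capture still matches the last digest recorded for it.
verify_evidence() {
    capture="$1"
    manifest="$2"
    recorded=$(awk -v f="$capture" '$2 == f { d = $1 } END { print d }' "$manifest")
    [ -n "$recorded" ] && [ "$recorded" = "$(sha256_of "$capture")" ]
}

# Full acquisition: capture for N seconds, then seal the file in the manifest.
acquire() {
    iface="$1"
    outfile="$2"
    manifest="$3"
    secs="$4"
    cmd=$(build_capture_cmd "$iface" "$outfile" "$secs")
    # eval runs exactly the string that gets recorded in the manifest.
    eval "$cmd" || return 1
    record_evidence "$outfile" "$manifest" "$cmd"
}

# Usage: sh acquire.sh IFACE OUTFILE MANIFEST SECONDS
if [ "$#" -eq 4 ]; then
    acquire "$@"
fi
```

Run `verify_evidence` against the manifest before every analysis session; if it fails, the file you are about to examine is not the file you acquired.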
