Week 2

The things learned from this session:

  • The sources of network evidence include switches, routers, DHCP servers, DNS servers, authentication servers, etc. A switch operates at OSI layer 2 and a router at layer 3. The evidence one can acquire from a switch is its MAC address table, which records which MAC address was seen on which physical port. In the case of the router, the IP addresses (and, where flow records such as NetFlow or ACL logs are kept, the port numbers) of sources and destinations can be obtained from it, as the router itself
  • A centralized log server collects the log messages (for example via syslog) sent by the various devices in a network, rather than the traffic itself; the collected logs are then forwarded to the SIEM to be analyzed and correlated.
  • The DNS server is the heart of the Internet: with it we can visit websites by name rather than by IP address, since names are easier for humans to remember than numbers. For the same reason, a DNS server's query log is valuable evidence, as it shows which client asked for which name and when.
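The notes above list the evidence each source holds; in an investigation the value comes from joining them. The following added example (not code from the original notes) takes constructed sample records in simplified layouts (a switch MAC table, a DHCP lease file, a DNS query log and router flow records; the formats are assumptions, not a particular vendor's export) and attributes each flow seen by the router to a MAC address, switch port and hostname, plus the DNS names the same client resolved shortly before. It also checks the DHCP lease time window, because an IP address is reused and on its own is not an identity.

```python
"""Join evidence from a switch, a DHCP server, a DNS server and a router
into one picture of which host did what. Added example, not from the
original notes; every record below is constructed sample data in a
simplified layout, not a real vendor export."""
import re
from datetime import datetime

# Constructed: switch MAC address table (layer 2): VLAN, MAC, type, port.
SWITCH_MAC_TABLE = """\
1    0011.2233.4455    DYNAMIC    Gi0/3
1    00aa.bbcc.ddee    DYNAMIC    Gi0/7
1    0011.2233.9999    DYNAMIC    Gi0/12
"""
# Constructed: DHCP leases (which IP was handed to which MAC, and when).
DHCP_LEASES = """\
lease 10.0.0.23 { starts 2024-03-04 08:01:10; ends 2024-03-04 20:01:10; hardware ethernet 00:11:22:33:44:55; client-hostname "ws-alice"; }
lease 10.0.0.57 { starts 2024-03-04 09:14:02; ends 2024-03-04 21:14:02; hardware ethernet 00:aa:bb:cc:dd:ee; client-hostname "ws-bob"; }
"""
# Constructed: DNS server query log (which client resolved which name).
DNS_QUERY_LOG = """\
2024-03-04 10:02:11 client 10.0.0.23#51234: query: updates.example.net IN A
2024-03-04 10:02:15 client 10.0.0.23#51240: query: bad-domain.example IN A
2024-03-04 10:03:01 client 10.0.0.57#41111: query: mail.example.net IN A
"""
# Constructed: router flow records (layer 3/4: addresses and ports).
FLOW_LOG = """\
2024-03-04 10:02:16 10.0.0.23:51301 -> 203.0.113.9:443 TCP bytes=48213
2024-03-04 10:03:02 10.0.0.57:41120 -> 198.51.100.5:25 TCP bytes=1024
2024-03-04 10:05:40 10.0.0.99:40000 -> 192.0.2.10:22 TCP bytes=777
"""

def normalize_mac(mac):
    """Canonicalize MAC notation (0011.2233.4455, 00-11-.., 00:11:..) to aa:bb:..."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_switch_table(text):
    """MAC address table -> {mac: switch port}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            _vlan, mac, _kind, port = parts
            table[normalize_mac(mac)] = port
    return table

LEASE_RE = re.compile(
    r'lease (?P<ip>\S+) \{ starts (?P<start>\S+ \S+); ends (?P<end>\S+ \S+); '
    r'hardware ethernet (?P<mac>\S+); client-hostname "(?P<host>[^"]*)"; \}')

def parse_dhcp_leases(text):
    """Lease file -> list of dicts with ip, mac, hostname and validity window."""
    return [{"ip": m["ip"], "mac": normalize_mac(m["mac"]), "hostname": m["host"],
             "start": datetime.fromisoformat(m["start"]),
             "end": datetime.fromisoformat(m["end"])}
            for m in LEASE_RE.finditer(text)]

DNS_RE = re.compile(r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN")

def parse_dns_log(text):
    """Query log -> list of (timestamp, client ip, queried name)."""
    return [(datetime.fromisoformat(m["ts"]), m["ip"], m["name"])
            for m in map(DNS_RE.match, text.splitlines()) if m]

FLOW_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
                     r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\S+)")

def parse_flows(text):
    """Flow records -> list of dicts with ts, src, sport, dst, dport, proto."""
    return [{"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "sport": int(m["sport"]),
             "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"]}
            for m in map(FLOW_RE.match, text.splitlines()) if m]

def lease_for(leases, ip, when):
    """The lease that covered `ip` at time `when`, or None. The window check
    matters because DHCP reuses addresses over time."""
    for lease in leases:
        if lease["ip"] == ip and lease["start"] <= when <= lease["end"]:
            return lease
    return None

def attribute_flow(flow, leases, mac_table, dns_queries, window_s=60):
    """Tie one router flow back to a MAC, switch port, hostname and the DNS
    names the same client resolved within `window_s` seconds before it."""
    lease = lease_for(leases, flow["src"], flow["ts"])
    names = [name for ts, ip, name in dns_queries
             if ip == flow["src"] and 0 <= (flow["ts"] - ts).total_seconds() <= window_s]
    mac = lease["mac"] if lease else None
    return {"ts": flow["ts"], "src": flow["src"], "dst": flow["dst"], "dport": flow["dport"],
            "mac": mac, "switch_port": mac_table.get(mac) if mac else None,
            "hostname": lease["hostname"] if lease else None, "dns_names": names}

def investigate():
    """Run the correlation over the constructed evidence; one result per flow."""
    leases, table = parse_dhcp_leases(DHCP_LEASES), parse_switch_table(SWITCH_MAC_TABLE)
    dns = parse_dns_log(DNS_QUERY_LOG)
    return [attribute_flow(f, leases, table, dns) for f in parse_flows(FLOW_LOG)]

if __name__ == "__main__":
    for r in investigate():
        print(f"{r['ts']} {r['src']} -> {r['dst']}:{r['dport']}  mac={r['mac']} "
              f"port={r['switch_port']} host={r['hostname']} dns={r['dns_names']}")
```

The third flow, from 10.0.0.99, has no lease covering its timestamp, so it comes back with no MAC, port or hostname; in practice that is the prompt to check the switch table for a statically addressed or rogue host rather than to assume the IP is unattributable.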
