Week 5

The things learned from this session:

  • The goal of evidence acquisition is to acquire data from the network devices in an organization without leaving a deep impact on the company itself. However, a zero-footprint investigation is impossible to achieve.
  • For physical interception, the available tools include inline network taps, “vampire taps”, induction coils, etc.
  • Traffic acquisition software includes tcpdump, Wireshark, Snort, etc.
