Hands-On Network Forensics

Source of network evidence

Network evidence can be collected from a variety of sources, each of which we will discuss in the next section:

  • Tapping the wire and the air
  • CAM table on a network switch
  • Routing tables on routers
  • Dynamic Host Configuration Protocol logs
  • DNS server logs
  • Domain controller/authentication server/system logs
  • IDS/IPS logs
  • Firewall logs
  • Proxy server logs