Live Forensics Flashcards
Live Forensics
This lesson covers what live forensics means and why evidence may be collected in this way. Live forensics is a branch of digital forensics that focuses specifically on computers and other IT systems that are powered on. As we’ve previously covered, volatile artifacts often exist only while a system is turned on, and shutting the system off would cause these artifacts to be lost. This volatile data could be extremely important to an investigation, so it’s crucial to collect it without jeopardizing other data, which can be affected by factors such as SSDs that use Garbage Collection or TRIM. Live forensics techniques make it possible to acquire volatile data quickly, so that the system is not left running for longer than necessary.