Collecting Volatile Data in a Forensics Investigation

The traditional forensics technique of immediately unplugging the computer and taking a bit-stream image of its hard drive does not always provide enough answers. Investigators often need to know what was happening on the system while it was live, which means capturing data from the system while it is still running. Discuss the concept of “live response” and volatile data collection during a forensic investigation. Discuss some of the tools used during “live response.” What information is gathered during a “live response”? What are the pros and cons of using live response in addition to non-volatile data collection?
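As an added illustration of what a live response collects (this script is not part of the assignment text), the POSIX shell collector below captures the process table, network state, logged-in users and mounted filesystems in rough order of volatility, most volatile first as RFC 3227 recommends, logs every action with a UTC timestamp, and ends with a SHA-256 manifest of the artifacts. The output directory, file names and tool list are this example's own choices; in practice the collector and its tools would run from trusted read-only media and write to external media, since every command it runs alters the live system it is documenting.

```shell
#!/bin/sh
# Minimal live-response collector for a Linux/Unix host (added example; the
# directory layout, file names and tool list are this example's own choices).
# Artifacts are gathered most-volatile-first, then a SHA-256 manifest is
# produced so the collection can later be shown to be unaltered.

# run_step NAME TOOL [ARGS...]: capture a tool's output into $OUT/NAME.txt,
# record missing tools instead of aborting, and log the action with a UTC time.
run_step() {
    name=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$OUT/$name.txt" 2>&1 || true
    else
        printf 'tool not found: %s\n' "$1" > "$OUT/$name.txt"
    fi
    printf '%s %s: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$name" "$*" \
        >> "$OUT/collection.log"
}

# hash_file FILE: print a SHA-256 line with whichever digest tool is present.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    elif command -v shasum >/dev/null 2>&1; then shasum -a 256 "$1"
    else printf 'NOHASH  %s\n' "$1"
    fi
}

# collect_volatile OUTDIR: fill OUTDIR with artifacts, log and manifest;
# prints the manifest path.
collect_volatile() {
    OUT=$1
    mkdir -p "$OUT"
    : > "$OUT/collection.log"
    run_step time_start date -u         # the collector's own clock, first
    run_step processes ps -ef           # process table
    run_step sockets ss -tunap          # connections and listeners
    run_step sockets_legacy netstat -tunap
    run_step arp_cache ip neigh show    # neighbour / ARP cache
    run_step routes ip route show
    run_step users who -a               # logged-in sessions
    run_step uptime uptime
    run_step mounts mount               # mounted (incl. temporary) filesystems
    run_step host_id uname -a           # least volatile: identity and kernel
    run_step time_end date -u
    ( cd "$OUT" && for f in *.txt collection.log; do hash_file "$f"; done ) \
        > "$OUT/manifest.sha256"
    echo "$OUT/manifest.sha256"
}

# Stand-alone use: sh collect.sh /mnt/evidence/host01
if [ -n "${1:-}" ]; then collect_volatile "$1"; fi
```

Tools that are absent on the host (for example `ss` or `ip` on a non-Linux system) are noted in their artifact file rather than stopping the run, so the log still shows what was attempted.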