O'Reilly logo

Cisco Router and Switch Forensics by Dale Liu

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Volatile Data Collection Procedures

There are a number of key points to remember when collecting volatile evidence from a router or switch, as outlined in the following lists. Depending on the situation, it may be necessary to disconnect selected interfaces or attached devices, but always attempt to minimize any changes to the device.
DO:
▪ Access the device through the console where possible.
▪ Record your entire console session, starting before you connect to the device.
▪ Run show commands from a script.
▪ Record the actual time and the router's time; take screenshots.
▪ Record the volatile information.
DON'T:
▪ Reboot the router ( ever!).
▪ Access the router through the network unless it is isolated.
▪ Run configuration commands.
▪ Rely only on persistent ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required