Volatile Data Collection Procedures
There are a number of key points to remember when collecting volatile evidence from a router or switch, as outlined in the following lists. Depending on the situation, it may be necessary to disconnect selected interfaces or attached devices, but always attempt to minimize any changes to the device.
▪ Access the device through the console where possible.
▪ Record your entire console session, starting
before you connect to the device.
show commands from a script.
▪ Record the actual time and the router's time; take screenshots.
▪ Record the volatile information.
▪ Reboot the router (
▪ Access the router through the network unless it is isolated.
▪ Run configuration commands.
▪ Rely only on persistent ...