O'Reilly logo

Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Benefits of Volatile-Data Collection

Prior to collecting volatile memory from a system, investigators may want to review Chapter 3, “Evidence Dynamics,” and Chapter 6, “Volatile Data.” These chapters introduced the basics of how human actions, tools, and environmental factors affect potential evidence as well as the volatility of computer data. This chapter focuses on the value and cost-benefit trade-offs for collecting some of the most volatile data contained in a computer: physical memory and random access memory (RAM).

In the early days of computer forensics, many investigators acting as first responders in digital evidence seizure focused on the decision of whether or not to pull the plug or initiate an orderly shutdown of the computer in ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required