Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Live and Remote Collection

In Chapter 3, “Evidence Dynamics,” investigators were introduced to the issues surrounding system shutdown. Recently, investigators have found a new factor in the decision of whether to pull the plug or conduct an orderly system shutdown when collecting disk evidence: the pressure not to shut down the system at all. Besides the loss of volatile data and other technical issues, the following business and operational reasons may compel investigators not to shut down:

  • For information security investigations, pulling a transaction or Web server offline may severely impact production or revenue.

  • Isolating a problem to a specific server in a Web or commerce farm can be difficult; should the investigator ...
