Live System Forensics

  • An active system is a system that is running normally.
  • An active system holds both volatile data, which exists only while the system is powered and disappears when power is lost, and non-volatile data, which is maintained regardless of power, so all of the data can be collected from it.
  • However, if the system uses BitLocker, or if it is a server or service-driven environment where the system cannot be shut down, the data has to be collected while the system is active.
  • Because all sorts of commands on an active system could have been altered by a malicious user, the investigation tools used on the system shall be stored on a read-only medium.
  • You should be aware that data should be collected in order of volatility, with highly volatile data given the highest priority.

  • [ Active system investigation procedures ]