From the course: Operating System Forensics
Join today to access over 25,200 courses taught by industry experts.
Introduction to live acquisition
From the course: Operating System Forensics
Introduction to live acquisition
- [Instructor] Live acquisition is a digital forensics technique that takes a snapshot of the main memory of a running computer system. Primary memory and random access memory or RAM are other names for main memory. The importance of live acquisition is increasing for multiple reasons. First, volatile information is only kept in the main memory. This includes information on active network connections, encryption keys, and passwords. In particular, unencrypted data and passwords are invaluable in obtaining access to evidence that could make or break a criminal case. With strong encryption and password protected data, it's often impossible to acquire any data at all these days. Another important type of data is the network transaction details. These details allow documenting a crime in action by capturing messages exchanged between criminals. Imagine a malware program communicating with its writer during a live acquisition attempt. This is comparable to a surveillance camera capturing a…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.