Explain the pros and cons of performing a live response evidence collection versus a forensic disk image. Why is a live response the most common method of evidence preservation during an IR?

Welcome back.

and 4 others joined a min ago.

3.5kviews

written 7.8 years ago by

nisha.vanjari • 40

modified 7.8 years ago by

awari.swati831 • 100

Subject: Digital Forensics

Topic: Initial response and forensic duplication

Difficulty: High

digital forensics

ADD COMMENT EDIT

1 Answer

254views

written 7.8 years ago by

nisha.vanjari • 40

A live response is typically used for two purposes, to gather volatile evidence before a system is shut down for imaging, and as a ‘first look’ at a system to determine whether it requires additional attention.

In large enterprise investigations, you may find that most of your investigation is accomplished …

Create a free account to keep reading this post.

and 3 others joined a min ago.

ADD COMMENT EDIT

Community

Users
Levels
Badges

Content

All posts
Tags
Dashboard

Company

About
Team
Privacy