Explain the pros and cons of performing a live response evidence collection versus a forensic disk image.

Welcome back.

and 2 others joined a min ago.

5.9kviews

written 6.3 years ago by

nisha.vanjari • 40

modified 2.3 years ago by

pedsangini276 • 4.8k

Subject: Digital Forensics

Topic: Initial response and forensic duplication

Difficulty: Medium

digital forensics

ADD COMMENT EDIT

1 Answer

383views

written 6.2 years ago by

nisha.vanjari • 40

A live response is typically used for two purposes, to gather volatile evidence before a system is shut down for imaging, and as a ‘first look’ at a system to determine whether it requires additional attention.

In large enterprise investigations, you may find that most of your investigation is accomplished …

Create a free account to keep reading this post.

and 3 others joined a min ago.

ADD COMMENT EDIT

Community

Users
Levels
Badges

Content

All posts
Tags
Dashboard

Company

About
Team
Privacy