There are a variety of methods that are used to not only access a potential evidence source but the type of acquisition that can be undertaken. To define these methods better, it is important to have a clear understanding of the manner and type of acquisition that can be utilized:
- Local: Having access to the system under investigation is often a luxury for most enterprises at times. Even so, there are many times where incident response analysts or other personnel have direct physical access to the system.
- Remote: In a remote acquisition, incident response analysts leverage tools and network connections to acquire evidence. Remote acquisition is an obvious choice if the incident response analysts are dealing with geographical ...