June 2012
Intermediate to advanced
696 pages
22h 58m
English
Conducting live analysis of a Windows system takes some prior planning. Traditionally, one of the most cost-effective and safest methods of performing live analysis was to create a series of live-analysis CDs. These CDs would contain the software needed to recover the majority of the evidence that a network intrusion investigator would need to properly process a victim computer’s memory. These CDs would contain not only trusted copies of common analysis tools but also the shared dynamic-link libraries (DLLs) on which these tools rely. These CDs should not be confused with boot CDs such as BackTrack or SANS Investigate Forensic Toolkit (SIFT) (http://www.computer-forensics.sans.org/community/downloads/ ...