Chapter 4

Volatile Data Analysis

Introduction

An examiner can easily utilize network-capable forensic applications to gather this data. EnCase Enterprise, FTK, and even X-Ways with the help of F-Response can gather volatile data over the network from remote machines. In the majority of incidents this is the quickest and most convenient method of gathering the data you want. How the data is obtained becomes a matter of choice, cost, convenience, and necessity. The one thing that cannot be overlooked is the need to capture this data immediately, since volatile data is lost once the machine is powered off or its state changes. We will look at utilizing some of the tools mentioned above in the Network Analysis and Host Analysis chapters as well.

Volatile data analysis is a key element in a network intrusion analysis. It can often ...
