Chapter 4

Volatile Data Analysis


An examiner can easily utilize network capable forensic applications to gather this data. EnCase Enterprise, FTK, and even X-Ways with the help of F-Response, can gather volatile data over the network from remote machines. In the majority of incidents this is the quickest and most convenient method of gathering the data you want. How the data is obtained becomes a matter of choice, cost, convenience, and necessity. The one thing that cannot be overlooked is the need to capture this data immediately. We will look at utilizing some of the tools mentioned above in the Network Analysis and Host Analysis chapters as well.

Volatile data analysis is a key element in a network intrusion analysis. It can often ...

Get Network Intrusion Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.