Practical Digital Forensics by Richard Boddington

Acquiring digital evidence through live recovery processes

Live recovery means extracting live system data before a computer is powered down: capturing, and at the same time preserving, volatile memory, system processes, and network information that the traditional dead recovery process cannot recover. It takes place while the computer's operating system is still running. Until recently, dead recovery was the widespread practice, with the recommendation that computers be turned off to prevent accidental deletion and contamination of evidence.

The comparatively small size of datasets made it feasible but still time-consuming to image hard drives as a matter of convention. ...
