When are live acquisitions useful?
What will be an ideal response?
ANSWER: Live acquisitions are especially useful when you’re dealing with active network intrusions or attacks or if you suspect employees are accessing network areas they shouldn’t. Live acquisitions done before taking a system offline are also becoming a necessity because attacks might leave footprints only in running processes or RAM; for example, some malware disappears after a system is restarted. In addition, information in RAM is lost after you turn off a suspect system. However, after you do a live acquisition, information on the system has changed because your actions affect RAM and running processes, which also means the information can’t be reproduced. Therefore, live acquisitions don’t follow typical forensics procedures.
You might also like to view...
__________ refers to data that describes other data.
a. pseudodata b. microdata c. abstract data d. metadata
Patents last for ________.
(a) 20 years (b) 75 years (c) the life of the author (d) the life of the author plus 70 years
The keywords in the accompanying figure will show up on the website home page.
Answer the following statement true (T) or false (F)
When the divisor is able to divide the number, a 1 is placed in the quotient and the divisor is subtracted from the partial dividend; the result is referred to as a ________.
Fill in the blank(s) with the appropriate word(s).