Volatile data collection from Windows systems
Volatile data is data that is held in cache memory or RAM rather than on persistent storage. It is temporary: it is lost when the system loses power, for example when the computer is switched off or its power supply is disconnected.
When a cyber crime is investigated, data collection plays an important role in the process, and if the data is volatile it must be collected immediately. Volatile information can be collected either remotely or onsite; when many systems have to be collected, remote collection is preferred over onsite collection.
It is very important for the forensic investigation that the immediate state of the computer is recorded, because volatile data is lost quickly: if the suspect's computer is powered down, its volatile data is gone. Even when the volatile information is not itself the crucial evidence, it provides leads for the rest of the investigation. To avoid losing it, the machine must be kept continuously powered so that the data is not lost and the forensic examiner can examine it; the cache may, for example, contain webmail content.
Because this volatile data may contain crucial information, it must be collected as soon as possible. This process is known as "live forensics".
It involves several steps:
- First, create a response toolkit.
- Store the information obtained during the initial response.
- Then obtain the volatile data.
- After that, perform an in-depth live response.
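The four steps above, as an added example that is not part of the original article: a minimal Windows live-response script in PowerShell that creates the toolkit's output directory on external media, records the initial-response details (collector, host, time, OS), collects volatile data in order of volatility, and hashes each artifact so it can later be shown to be unchanged. It assumes an elevated PowerShell 5.1 or later console, evidence media mounted as drive E:, and that a RAM image is taken with a dedicated capture tool beforehand.

```powershell
# Added example (not from the original article): minimal Windows live-response collection.
# Assumptions: run as Administrator in PowerShell 5.1+, $Dest on external media (E:) so
# nothing is written to the suspect's disk; a RAM capture tool is run separately, first.
param(
    [string]$Dest = "E:\IR\$($env:COMPUTERNAME)_$(Get-Date -Format yyyyMMdd_HHmmss)"
)
New-Item -ItemType Directory -Path $Dest -Force | Out-Null
$log = Join-Path $Dest "collection_log.txt"

# Initial-response record: who collected, from which host, when, and the OS state.
"Collector: $env:USERDOMAIN\$env:USERNAME" | Out-File $log
"Host: $env:COMPUTERNAME  Start (local): $(Get-Date -Format o)" | Out-File $log -Append
Get-CimInstance Win32_OperatingSystem |
    Select-Object Caption, Version, LastBootUpTime, LocalDateTime |
    Format-List | Out-String | Out-File $log -Append

# Volatile data, ordered from most to least volatile. Each step writes one file
# named $file; the loop below timestamps the step and records the file's SHA-256.
$steps = [ordered]@{
    "01_processes.csv"      = { Get-Process -IncludeUserName |
                                Select-Object Id, ProcessName, Path, StartTime, UserName |
                                Export-Csv -NoTypeInformation -Path $file }
    "02_netconns.csv"       = { Get-NetTCPConnection |
                                Select-Object LocalAddress, LocalPort, RemoteAddress,
                                              RemotePort, State, OwningProcess |
                                Export-Csv -NoTypeInformation -Path $file }
    "03_sessions.txt"       = { quser 2>&1 | Out-File $file }
    "04_netconfig.txt"      = { Get-NetIPConfiguration | Out-String | Out-File $file }
    "05_dnscache.csv"       = { Get-DnsClientCache | Export-Csv -NoTypeInformation -Path $file }
    "06_services.csv"       = { Get-Service | Select-Object Name, Status, StartType |
                                Export-Csv -NoTypeInformation -Path $file }
    "07_scheduledtasks.csv" = { Get-ScheduledTask | Select-Object TaskName, TaskPath, State |
                                Export-Csv -NoTypeInformation -Path $file }
}

foreach ($name in $steps.Keys) {
    $file = Join-Path $Dest $name          # read by the script block via parent scope
    $t0 = Get-Date -Format o
    try {
        & $steps[$name]
        $hash = (Get-FileHash -Algorithm SHA256 -Path $file).Hash
        "$t0  $name  SHA256=$hash" | Out-File $log -Append
    } catch {
        # A failed step is logged, never silently skipped: the gap must be explainable later.
        "$t0  $name  FAILED: $($_.Exception.Message)" | Out-File $log -Append
    }
}
"End (local): $(Get-Date -Format o)" | Out-File $log -Append
```

Running the script itself changes the system state (a new PowerShell process, prefetch and event-log entries), which is why the log records exactly what was run and when.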