Good Practice Guide for Computer-Based Electronic Evidence
https://www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evidence.pdf
The traditional “pull-the-plug” approach overlooks
the vast amounts of volatile (memory-resident and
ephemeral) data that will be lost. Today, investigators
are routinely faced with the reality of sophisticated
data encryption, as well as hacking tools and malicious
software that may exist solely within memory. Capturing
and working with volatile data may therefore provide
the only route towards finding important evidence.
Thankfully, there are valid options in this area and
informed decisions can be made that will stand the
scrutiny of the court process.