QUESTION IMAGE
Question
for which of the following reasons might you need to perform a live acquisition of a computer? (choose all that apply.)
a. for an ongoing known network intrusion
b. to capture ram data before it might be lost
c. to perform an acquisition on a mission-critical computer that cant be shut down for a static acquisition
d. to capture unallocated drive space on an active system
Brief Explanations
- Live acquisition is done on a running system. For an ongoing network intrusion, stopping the system would lose real-time data about the intrusion. RAM data is volatile and is lost when the system shuts down, so live acquisition is needed to capture it. Mission-critical systems cannot be shut down, so live acquisition is the only option. Unallocated drive space is typically captured via static acquisition, as live systems may overwrite this space, making it unsuitable for that purpose.
Snap & solve any problem in the app
Get step-by-step solutions on Sovi AI
Photo-based solutions with guided steps
Explore more problems and detailed explanations
a. For an ongoing known network intrusion
b. To capture RAM data before it might be lost
c. To perform an acquisition on a mission-critical computer that can't be shut down for a static acquisition