There are two things that responders are facing more and more, and those are (a) an increase in the sophistication and volume of cybercrime, and (b) an increase in instances in which systems cannot be taken down, requiring live response and/or live acquisition. Given these conditions, we should be able to develop processes by which responders can collect volatile data (keeping evidence dynamics in mind) to be used in court as "evidence".
At the Windows Incident Response blog.