Explain in your own words why there is a need for live syste

Explain in your own words why there is a need for live system forensics and discuss how this type of analysis improves on “dead system” analysis. Describe the challenges with data consistency and why this is an area of concern for system forensics specialists

Solution

A live analysis takes place when the investigation is being done on the live system. Due to the digital media being volatile, the investigators need to document all the steps taken while collecting the evidence during a live analysis. One example of volatile data is system memory data which contain information of processes, network connections and temporary data that are used by the operating system at a particular point of time. Unlike non- volatile data, memory data vanish and leave behind no trail after powering off the machine. There is no way to obtain the data back that once lost. So, the Live system forensics Live forensics considers the value of the data that may be lost by powering down a system andcollect it while the system is still running. The other objective of live forensics is to minimizeimpacts to the integrity of data while collecting evidence from the suspect system.