Forensicswiki.org has moved to this site, forensicswiki.xyz. For information, please join the Google Group forensicswiki-reborn
- Physical memory of a computer can be imaged by performing a cold boot attack, without running tools on an untrusted OS;
- Acquisition over a network connection without running tools on an untrusted OS;
- No need to reconstruct RAID arrays;
- Out-of-date software;
- No simple way to reconfigure the Live CD: you cannot easily rebuild foo to support bar (e.g. rebuild Sleuthkit to support AFF).