Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Live acquisition captures volatile evidence like RAM, processes, and network connections from a running system before it is powered off and the data is lost.
Live Acquisition Definition: Live acquisition captures volatile evidence like RAM, processes, and network connections from a running system before it is powered off and the data is lost.
Live acquisition is a forensic process of collecting digital evidence from a system while it is still powered on and running, in order to capture volatile data that would be lost on shutdown. It targets artifacts such as RAM contents, running processes, open network connections, decrypted volumes, and active user sessions, and is increasingly necessary against full-disk encryption and fileless malware. Because the act of collection alters system state, examiners use validated tools and document their actions to preserve evidentiary integrity and order of volatility.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →