Hi,
In the modern digital world the main problem is cyber crime, and
acquisition is the method used to collect evidence against this
crime. There are two types of acquisition: live acquisitions
and dead acquisitions. The pros and cons of both are given
below:
PROS of live acquisition:
- It can be used to acquire both static and dynamic, volatile data,
as the collection of data takes place with the system turned on.
- It provides consistent and verifiable acquisition.
- Relevant data is obtained, as the data is retrieved from a running
computer.
- Only a short time is needed for the investigation.

PROS of dead acquisition:
- The process is simple and reliable, as it is done when the
system is powered off.
- It does not require any further knowledge about the system.
- It can be verified at any time.

CONS of live acquisition:
- Data is collected while the computer is on, different
computers have different installations, and the person who is
doing the acquisition should have full knowledge about the
system.
- It produces slurred images when the data is obtained from a
modified system.
- Limited data is available.
- In a distrusted network the case for authenticity and
reliability is difficult.
- Collection of evidence is obstructed, as anti-forensic tool kits
are available.

CONS of dead acquisition:
- The data collected by the examiners can be encrypted by the
attackers using cryptography techniques.
- The information produced is volatile and may be lost when
the system is turned off.
- More data needs to be analyzed, so it is time consuming.
- It requires more space to store the information. Certainties
are there due to lack of a standardised procedure.

On comparing dead and live acquisition, a live acquisition
is a solution to the cons of dead acquisition. A dead acquisition is
a traditional method; it is volatile, and all the collected
information is lost and of no use. So a live acquisition is
provided. And when the system is encrypted with a password it is
better to use a live acquisition. It is missed in the dead acquisition
method.
The verification is not easier, as it requires a huge amount of data
to be collected, takes more time to verify the data, and
needs extraction of which data are valuable and which are the
correct information.
Hope this helps...
Thank you...
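
The "It can be verified at any time" point and the "slurred images" point above, as an added example that is not part of the original post: a simulated block-by-block copy of a source that stays still and of one that changes during the copy. The use of SHA-256, the `acquire` helper, its `on_block_read` hook and the sample bytes are assumptions made for this illustration.

```python
import hashlib

BLOCK = 4  # tiny block size so the constructed sample stays readable


def digest(data):
    return hashlib.sha256(bytes(data)).hexdigest()


def acquire(source, on_block_read=None):
    """Copy `source` block by block, as an imaging tool would.

    `on_block_read(source, index)` is a hypothetical hook that lets the
    running system modify `source` between two reads (live case only).
    """
    image = bytearray()
    for index, offset in enumerate(range(0, len(source), BLOCK)):
        image += source[offset:offset + BLOCK]
        if on_block_read:
            on_block_read(source, index)
    return bytes(image)


def dead_case():
    disk = bytearray(b"AAAABBBBCCCCDDDD")  # constructed sample, powered-off media
    image = acquire(disk)
    # Nothing writes to the source, so re-hashing it later gives the same value.
    return digest(image) == digest(disk)


def live_case():
    memory = bytearray(b"AAAABBBBCCCCDDDD")  # constructed sample, running system
    before = bytes(memory)

    def running_system(source, index):
        if index == 1:  # after block 1 is copied, the system keeps working
            source[0:4] = b"aaaa"    # block 0: already copied, change is missed
            source[12:16] = b"dddd"  # block 3: not yet copied, change is captured

    image = acquire(memory, running_system)
    after = bytes(memory)
    # The image mixes two points in time, so it matches neither state.
    return {
        "image": image,
        "matches_before": digest(image) == digest(before),
        "matches_after": digest(image) == digest(after),
    }
```

In the live case the only hash that can be checked later is the one taken over the image itself at collection time, because the source state it came from no longer exists.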