Computer forensics, e-discovery and incident response methods and systems

Author: Andrew L. Fahey

Abstract: Systems and methods for collection of volatile forensic data from active systems are described. In an embodiment of the methods, a selected set of forensics items can be selected. Runtime code capable of launching modules from a removable storage device with little or no user input is generated and stored on the device. The collection can then be accomplished covertly using the device by a person with minimal training. In another embodiment, pre-deployed agents in communication with servers and controlled by console software collect data according to a schedule, immediately at the command of an analyst at a remote administrative console, or in response to a triggering event.
