CYBF 675 Live Response and Live Acquisition
Explores the fundamental differences between classical media analysis in dead box forensics and live responses and live acquisition. Students will perform both a live response to an information system that has been hacked and a live acquisition of media and memory on a running system that has been compromised. Students will then analyze the results for evidence of attack and compromised data. Finally, students will create detailed reports with findings from live responses and acquisitions.