Traditionally, cyber forensics comes into play after cyber fraud, misuse, or crime has taken place in a cyber/IT system. In most cases, the detection of loss due to cybercrime acts as the trigger. Thus, traditionally, cyber forensics is a reaction to cybercrime, in which experts investigate and collect digital evidence to zero in on the miscreant/fraudster. The experts normally make use of digital trails left during the cyber fraud incident. Digital trails are mostly persistent in nature and are found in network devices and end-user devices/equipment.
Live data, or volatile data, is another distinct, dynamic category of data, created temporarily by IT systems in their caches and dynamic memories (it vanishes when the system is powered off or gets overwritten). This category of system data is also generated dynamically when a cyber fraud takes place. Experts regard this category of data as a very potent way to detect cyber intrusion, raise an alarm, and prevent the cybercrime from succeeding. Further, capturing such essential data in persistent memory can help cyber experts sharpen their cyber forensic capabilities.
Antivirus/malware detection tools and operating-system-based defenses can be evolved to act as a potent way of generating evidence/data for cyber forensic agencies.
The development of live forensic acquisition in general presents a remedy for some of the problems introduced by traditional forensic acquisition. However, live forensic acquisition introduces a variety of additional problems unique to this discipline. This paper presents current research with regard to the forensic soundness of evidence retrieved through live forensic acquisition.
What is Digital Forensics in Cyber Security: Is This a Good...
People who work with digital forensics in cyber security are on the front lines in the fight against cybercrime. They're the people who collect, process, preserve, and analyze computer-related evidence. ... And they use scientific investigatory techniques to do it.
Where Digital Forensics in Cyber Security is Used
These days, anyone who uses the internet benefits from digital forensics in cyber security. That's because any company that collects data from internet users employs people who fight and investigate cybercrime. Agencies and organizations have to be hyper-vigilant with the data they collect and protect, so they are constantly testing their systems, looking for vulnerabilities and aggressively pursuing the people who hack into networks in order to commit crimes.
The four methods of acquiring data for forensics analysis are disk-to-image file, disk-to-disk copy, logical disk-to-disk or disk-to-data file, or sparse data copy of a folder or file.