Live Acquisition
Posted: Thu Mar 29, 2018 2:21 pm
Hi guys,
I am a bit confused about how to start live acquisition on a running machine (Laptop (Windows 10)) which is password-protected. Let's assume I cannot ask anyone for the password to get access to a suspect account.
How does live acquisition work?
I mean it cannot be that the machine isn't protected with a password, so what kind of actions have to be done to conduct live acquisition?
Thank you!
-
mhibert - Newbie
Re: Live Acquisition
Posted: Thu Mar 29, 2018 9:20 pm
Are you studying for a computer forensics degree or class?
-
UnallocatedClusters - Senior Member
Re: Live Acquisition
Posted: Fri Mar 30, 2018 5:21 am
- mhibert
How does live acquisition work?
No desktop - no live acquisition.
You need access to the machine to start several software with admin permissions.
Your question gives me the impression you are a newbie in Digital Forensics. Do you have access to a Technical Library or Amazon perhaps to read some books about the basics of DFIR?
-
Bunnysniper - Senior Member
Re: Live Acquisition
Posted: Fri Mar 30, 2018 9:05 am
- Bunnysniper
No desktop - no live acquisition.
Since the OP specified in his question a laptop, the way you phrased that might be ambiguous...
... ducks ...

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. -
-
jaclaz - Senior Member
Re: Live Acquisition
Posted: Fri Mar 30, 2018 9:33 am
- mhibert
I mean it cannot be that the machine isn't protected with a password
Well, yes. That's one of the possible starting points. There are others. Sometimes you have to start to devise a method something like a year before you need it.
In some situations you can't do it.
"Live" doesn't mean that you're always successful. Failure is one of the possible ending points.
It's very often up to you or your team to understand the target system well enough to devise a possible solution. It is not a Carnegie. There's no easy book that works every time on how to win friends, influence people and do live acquisitions.
-
athulin - Senior Member