The process of conducting a proactive Forensic investigation begins with
data acquisition. The process of obtaining Forensic data involves more than just
moving files from one device to another. To generate a Forensic duplicate of the data,
investigators use Forensic data acquisition to try and retrieve every bit of information
from the victim system's memory and storage. Furthermore, the creation of this
Forensic duplicate needs to ensure that the data's verifiable integrity is maintained and
that it can potentially be used as evidence in court. The basic ideas of data acquisition
are covered in this chapter, along with the several processes that make up the data
acquisition methodology.
Keywords: Acquisition methodology, Data acquisition, Evidence integrity, Live analysis, Volatile data.
