Incident Response: Speed Can Mean the Difference Between Success and Failure
When it comes to investigations and incident response, speed is all-important. The faster an examiner gets the data in a consumable form, the faster an incident can be diagnosed and resolved. Even when time to resolution isn't sensitive, response speed can be critical to ensuring that the relevant data is preserved. With every minute that critical data sits on a target machine, the odds that the data will dissolve, be deleted, overwritten, or altered increase dramatically. This is particularly true of incriminating data, malicious code, or evidence of hacking, because that data is generally located in volatile memory (RAM), which is constantly changing.