I am writing a scope of work for an educational institution that wants to collect a point in time snapshot of several development application and database servers that are running a custom Oracle database.
I have many questions….does the DB need to be down; can the machine be imaged as a whole and possibly put on a machine in a few years for litigation, etc.
Any help on this matter would be greatly appreciated.
There is too much to go into, here, and too little information upon which to base a recommendation but I'll repeat what I have said in other forums, namely, that database forensics is not like dead-box forensics and should not be attempted by someone who doesn't understand the fundamentals of that particular database administration.
You are, potentially, putting yourself or your company at risk if you are selling your services as a database forensicator without the knowledge of a DBA, especially if the data may be used in litigation.
Also, you didn't say what version of Oracle you are using, which is important since older versions of Oracle have limited point in time recovery unless you are also archiving the REDO logs. (Again, get a DBA).
You may also be able to do what you want with backups, assuming that you have them.
You do not need to shut Oracle down for either database exports (which will give you the logical database), or Oracle dumps, either of which could be used to rebuild your database on another machine, assuming that you perform them, correctly.
If you believe that you will need to do a forensic examination of the database (i.e., look at the database "slack"), then you'll want a copy of the entire system for which you will need to shut the system down. Note that in some instances, shutting down and restarting Oracle will result in changes which could be significant forensically (again, this depends upon what you are looking for).
Really, I'm being a bit unfair, here, because there are too many considerations and too little information. Get youself a DBA, if possible, one with forensic experience, and describe for them exactly what you hope to discover/preserve.
This will tell you how to proceed.