Evidence Acquisition and Analysis from Live Exchange

A great amount of legal and forensics discussion is involved when there is an investigation procedure that involves the seizing of crucial evidence from Live Exchange server. Whenever there is such an investigation, two things remain in focus

1. Identification of suspect evidence from the network
2. Collection approach that maintains exactitude of evidence

There has been an increasing effort in the theory of live imaging approaches because of the liabilities that come up when a server is taken down. In such a situation, the rules of law and evidence acquisition have caused new approaches and techniques of acquiring electronic evidence to be formed; many of these are specifically targeted at the large storage of data.

What are the data that are generally in question?

Read More


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.

Unsubscribe any time. We respect your privacy - read our privacy policy.


Leave a Comment