A quick reminder when collecting volatile data.
This ought to be done in a specific order, as there is a risk of data being modified or lost during this process:
- Registry
- Cache
- Routing table
- ARP cache
- Process table
- Kernel statistics
- Memory / RAM
- Temporary file systems
- Remote logging and monitoring data that is relevant to the system in question
- Network Connections
Following this initial basic order is intended to avoid overwriting data and losing volatile data.
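
The order above applied to the items a shell command can capture, as an added example that is not part of the original note. It assumes a Linux host with `ip`, `ps`, `ss` and `sha256sum`; the function names, file names and manifest layout are hypothetical.

```shell
#!/bin/sh
# Added example (assumes a Linux host). Point the output directory at
# external media or a remote mount, never at the disk under examination,
# so that collecting the data does not overwrite it.

# step <dir> <name> <command...>
# Run one command, save its output, then append UTC time, file name,
# SHA-256 and the exact command line to the manifest.
step() {
    dir=$1; name=$2; shift 2
    n=$(( $(wc -l < "$dir/manifest.tsv") + 1 ))
    file=$(printf '%02d_%s.txt' "$n" "$name")
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$dir/$file" 2>&1 || true   # keep going if one tool fails
    else
        printf 'NOT COLLECTED: %s not found\n' "$1" > "$dir/$file"
    fi
    sum=$(sha256sum "$dir/$file" | cut -d' ' -f1)
    printf '%s\t%s\t%s\t%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$file" "$sum" "$*" >> "$dir/manifest.tsv"
}

# collect_volatile <dir>
# Collect in the order listed above; prints the SHA-256 of the manifest
# so it can be written into the case notes.
collect_volatile() {
    dir=$1
    mkdir -p "$dir" || return 1
    : > "$dir/manifest.tsv" || return 1
    step "$dir" routing_table       ip route show
    step "$dir" arp_cache           ip neigh show
    step "$dir" process_table       ps -eo pid,ppid,user,lstart,args
    step "$dir" kernel_statistics   cat /proc/stat
    # Memory / RAM belongs here in the list; it needs a dedicated
    # acquisition tool and is not scripted in this example.
    step "$dir" temp_filesystems    ls -laR /tmp
    step "$dir" network_connections ss -tanup
    sha256sum "$dir/manifest.tsv" | cut -d' ' -f1
}

# Run only when an output directory is given: sh collect.sh /mnt/usb/case01
if [ -n "${1:-}" ]; then
    collect_volatile "$1"
fi
```

The numbered file names and manifest timestamps record the sequence in which each item was actually captured.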