Live Response Onsite Triage: Portable Computer Forensics Software to Acquire Volatile Data

Reveal the Truth: Volatile Data Collection from a USB Key

Live Response is the only USB key that enables first responders, investigators and IT security professionals to collect live volatile data that will be lost once the computer system is shut down. Acquire ALL volatile and requested data from a live system in just minutes! Simply insert the USB key and choose, from a menu of options, only the data you want gathered. Live Response will then collect and store the data directly onto the device within minutes. When you are finished, you can simply eject the USB key and walk away.

Data Collected By Live Response

  • Physical memory
  • Network connections, open TCP or UDP ports, NetBIOS
  • Currently logged-on user / user accounts
  • Currently executing processes and services
  • Scheduled jobs
  • Windows registry
  • Browser auto-completion data, passwords
  • Screen capture
  • Chat logs
  • Windows SAM files / NTUser.dat files
  • System logs
  • Installed applications and drives
  • Environment variables
  • Internet history

With Live Response’s easy-to-use graphical interface, investigators around the world can conduct computer forensics investigations quickly and easily.

  • Acquire data including hidden or deleted items
  • Store and transfer data easily
  • Analyze data collected
  • Review data collected
  • Compile report with results