SUMMARY

In this chapter we have discussed multiple techniques that can be used to gather information from a system without taking it offline. This included collecting an image of system memory for later offline analysis. Analyzing this image will be be discussed later in this book (Chapter 8: Memory Analysis). In the next chapter we will turn our attention to traditional dead analysis which requires us to shut down the subject system.

CHAPTER