Dear Group,

I just wanted to know more about the tradeoffs between turning the power off and booting the system back up for forensic analysis, and doing the analysis without turning it off. I was thinking about memory-based tracks. I mean, Metasploit is releasing new payloads like MAFIA, some of whose modules reside in memory, like SAM Juicer. For those exploits that reside in memory, how can you perform a forensic analysis? If you keep it on and do an analysis, won't Metasploit's function to disable your end input, such as the keyboard and mouse, or even stdout being disabled, stop your analysis? I am sorry if the question is stupid or framed really badly. I was just confused about the tradeoffs at those levels.

Kind Regards,
Shyaam

PS: Sorry if my question was not phrased properly.
