Revision as of 10:17, 16 November 2008 by .FUF
- Physical memory of a computer can be imaged by performing cold boot attack without running tools on an untrusted OS;
- Acquisition over a network connection without running tools on an untrusted OS;
- No need to reconstruct RAID arrays;
- Out-of-date software;
- No simple way to reconfigure Live CD: you cannot easily rebuild foo to support bar (e.g. rebuild Sleuthkit to support AFF).