In many cases, Attackers are aware of many conventional Forensics investigation techniques and have since use sophisticated attackers, which do not leave a trace on the Hard Drive. These attacks are run and stored in RAM, and Criminal Organisations like the Rock Pish Gang store have covered their tracks using such methods
Cold Boot Acquisition is the Process of Acquiring the Data Stored in RAM, while not affecting the evidence stored on the hard drive. They are acquired independently and forensically sound. A major benefit of such acquisitions is that most encryption keys would be stored in the RAM meaning that with such an acquisition SSR-i is able recover encrypted data off a system regardless of technique used.
