Live forensics: diagnosing your system without killing it first

Live forensics gathers data from running systems, providing additional contextual information that is not available in a disk-only forensic analysis.