Unlock Digital Detective Skills with the 2025 Forensics Challenge – Solve the Cyber Mysteries!

Boney employed live acquisition to collect evidence data from a powered-on system, which is the correct technique for this scenario. Live acquisition refers to the process of collecting data from a system that is currently running. This method allows forensic investigators to gather information that may not be accessible through other means, especially volatile data held in RAM, such as open files, running processes, and network connections.

During a live acquisition, it is possible to capture the state of the system at the moment of examination, which can provide critical insights into user activity, malware presence, or other time-sensitive information. This technique is particularly useful in situations where data could be lost if the system is powered off or if there are ongoing processes that need to be documented.

In contrast, the other techniques mentioned involve different approaches or conditions which do not apply to the scenario. Off-line acquisition typically involves collecting data from a system that has been powered down, which would not be viable for a powered-on system. Snapshot acquisition refers to taking a point-in-time copy of a system's state, but it usually requires the system to be offline or a specific method of virtualization to be in place. Cold acquisition, similar to off-line methods, involves disconnecting the power and removing the data storage device