root@forensics:~$ open_glossary_term
RAM CAPTURE
RAM capture collects volatile memory from a running system, preserving data that may disappear when the system is powered off.
// PROFESSIONAL_DEFINITION
RAM Capture
RAM capture collects volatile memory from a running system, preserving data that may disappear when the system is powered off.
It can matter in malware, encryption, active compromise, or live response scenarios.
Do not power down a live system until a forensic responder decides whether volatile data should be collected.
// RELATED_TERMS