What data acquisition method did Hudson initiate while investigating a running computer?

Study for the EC-Council Digital Forensics Essentials (DFE) Test. Enhance your skills with multiple choice questions, each with detailed hints and explanations. Get ready to ace your exam!

Live data acquisition is the method Hudson employed while investigating a running computer. This technique involves capturing volatile data while the system is still powered on, which is critical for obtaining information that would otherwise be lost if the system were shut down. In many cybercrime investigations, real-time information such as active network connections, running processes, and unsaved data exists only in memory and can provide invaluable insights into ongoing activities and potential threats.

Live data acquisition is particularly useful when dealing with dynamic environments, such as servers or systems running crucial applications, where shutting down the system can cause loss of evidence or further damage to the integrity of the investigation. By using this method, the investigator can secure evidence that might be altered or deleted if the computer were to be turned off.

Of the other methods, static data acquisition focuses on obtaining data from a powered-off system, data recovery refers to retrieving data from damaged or corrupted storage, and logical data acquisition involves capturing files at a logical level rather than at the physical level of the storage medium. While all these methods are important in different contexts, they do not apply to an active system the way live data acquisition does in this scenario.
