Which evidence source contains the least volatile data?

Archival media is indeed the source that contains the least volatile data. This type of evidence source refers to storage media that is designed for long-term data retention. It typically includes formats such as external hard drives, tapes, or cloud storage services where data is deliberately preserved for future reference. Unlike RAM, active memory, or processor cache, which store temporary data that can easily be lost when power is cut or systems are rebooted, archival media is intended to hold data reliably over extended periods.

In the context of digital forensics, the volatility of data refers to how quickly it can be lost or altered. RAM, active memory, and processor cache are all examples of volatile memory, which means that once the device is powered off or encounters a crash, the data stored in these areas is erased. Conversely, archival media retains data in a stable state, making it a valuable source during forensic investigations, as it maintains records that can be analyzed long after the original events occur.

This inherent stability and the design focus on long-term storage make archival media the least volatile among the evidence sources listed.