You must contain a host that is suspected of effecting a violation of security policy. No methods of live evidence acquisition are available. What is your best course of action to preserve the integrity of evidence

If live memory acquisition cannot be accomplished, pulling the plug to end processes is the best course of action because using a software shut-down method runs the risk of altering data on the host disk.
Idealized video documentation of this procedure would include a justification for the chosen course of action.
Depending on how a shutdown has been arranged, that risk's effect may differ.
Delays cost overruns and lost productivity can be caused by a variety of factors, including a lack of knowledge, overly ambitious projections, uncertainty about the scope of the repairs required, and many others.
System shutdown gets the system to a point where it is secure to turn the computer off.

To learn more about the shutdown system refer to:

https://brainly.com/question/6389199

#SPJ4