Of course tho' I doubt it be enough for evidence in court especially if everything is bought with fake aliases.
And the saving memory contents (could hold config files on tmpfs for example) seems to be a difficult process, from wikipedia
"Holding unpowered RAM below −60 °C helps preserve residual data by an order of magnitude, improving the chances of successful recovery. However, it can be impractical to do this during a field examination."
It would be interesting to get perspective from any forensic experts.
The key imho is to put as many hoops in attackers path.
And the saving memory contents (could hold config files on tmpfs for example) seems to be a difficult process, from wikipedia "Holding unpowered RAM below −60 °C helps preserve residual data by an order of magnitude, improving the chances of successful recovery. However, it can be impractical to do this during a field examination."
It would be interesting to get perspective from any forensic experts.
The key imho is to put as many hoops in attackers path.