A while back, Torrentspy made the technical argument that it couldn't turn over its logs because it didn't keep them: the information on access was stored in RAM. Because the RAM wasn't stored, they claimed, they had no logs to give.
In what is probably the widest gulf between the real world and the legal system this decade, a Magistrate judge dropped the ball, saying information stored in RAM must be preserved: the judge making the ruling stated that capturing this data would not be an 'undue burden'.
There was much discussion on news sites around the world about what this meant: Many people believed that this ridiculous ruling would be overturned on appeal.
The technical challenges posed by this are interesting. So what do you do? Read all the data out of the RAM and write it to disk every second? Even if you only record what's changed: that's a lot of data. It would also bog the ram down to the speed of the disk (1000x slower, or so).
And due to the way modern OS's implement virtual memory, is there any way to determine at all what constitutes an IP address from a RAM dump, or will it all be just gibberish?
I have no suitable category for this story. Even 'WTF' doesn't do it justice.