Computer forensics is a challenging, ever evolving field that involves years of training and experience before many examiners feel confident and competent in this role. This presentation will introduce attendees to simple, yet effective ways, to acquire and analyze Memory Images (a.k.a. RAM dumps), $USN Journals, understand extended NTFS time stamps, Volume Shadow Copies, ESE and SQLite databases, Virtual Machines and more. Attendees will also learn simple methods to perform tasks such as rebuilding RAID arrays, extracting passwords, manually carve files from unallocated space, and creating a master Timeline of Activity they can include in every report. If you are new(er) to computer forensics and/or have had limited training and experience in this field, this is for you! This workshop will only be recorded and available On-Demand from August 9, 2021 until December 17, 2021.
To raise awareness of important digital forensic artifacts the attendee may not be familiar with or aware of.
To provide attendees with a basic understanding of these artifacts and why they can be very valuable to their forensic investigations.
Expose the attendees to simple methods and ways to analyze these artifacts and how they can easily extract relevant information from them that can then be included in their final case report.