Computer forensics is a challenging, ever evolving field that involves years of training and experience before many examiners feel confident and competent in this role. This presentation will introduce attendees to simple, yet effective ways, to acquire and analyze Memory Images (a.k.a. RAM dumps), $USN Journals, understand extended NTFS time stamps, Volume Shadow Copies, ESE and SQLite databases, Virtual Machines and more. Attendees will also learn simple methods to perform tasks such as rebuilding RAID arrays, extracting passwords, manually carve files from unallocated space, and creating a master Timeline of Activity they can include in every report. If you are new(er) to computer forensics and/or have had limited training and experience in this field, this is for you!