Many law enforcement investigators new to the field of computer forensics are often so focused on finding the images and videos, that they miss (or misinterpret) the vast amount of other critical evidence and artifacts that are available to them. Finding that "smoking gun" evidence is great, but it's just the beginning. As the forensic examiner, it's now your job to figure out who is responsible for those contraband files. In order to do that, you will need to learn how to analyze artifacts and user activity. This presentation will introduce new examiners to simple, yet effective ways to analyze artifacts, create a timeline of all user activity, crack passwords, recover deleted data, acquire AND analyze RAM, plus learn how to analyze Event Logs, Thumbcache, Volume Shadow Copies, Virtual Machines and more, in order to take your forensic examinations to the next level. If you are new(er) to the world of computer forensics, this presentation is for you!
Learning Objectives:
Upon completion, participants will be able to locate advanced computer forensic artifacts quickly and easily.
Upon completion, participants will be able to parse, categorize and analyze advanced computer forensic artifacts.
Upon completion, participants will be able to quickly and easily create timelines of all user activity in every case.
Upon completion, participants will be able to identify evidence that will help prove WHO was the responsible party for the crime being investigated.
Upon completion, participants will be able to automatically and quickly perform a wide array of advanced computer forensic processes.
