This week I take a look at three popular computer forensic suites: FTK, EnCase and WinHex. I offer my opinion as to the strengths and weaknesses of each.
If you take a look at all the different DFIR certifications that exist today, you can easily get overwhelmed. There are so many to choose from that it gives meaning to the saying that too many choices is no choice at all. In this episode I take a look at digital forensic certifications from two different vantage points to provide a little guidance to those who may be trying to advance themselves through a certification or two.
For those looking to get some real-world, hands-on experience in DFIR to build up or expand their skill set, check out honeynet.org. The non-profit offers information and challenges to help sharpen your skills.
This week I talk about Amcache forensics. Amcache is a Windows artifact that collects details about programs that have been run on a given system. This evidence can support malware/intrusion investigations, file use and knowledge exams, and data spoliation inquiries.