In this episode I cover using Linux as a forensic platform... for the new guy. I find many examiners are very Windows-centric. There is nothing wrong with that as most tools and evidence is Windows based. However, Linux comes in handy from time to time and knowing some basic commands is always helpful.
In this episode I talk all about virtual machines; the reasons you should be using them (more), prebuilt ones that are freely available and loaded with digital forensic tools and a free virtual machine application that has the same functionality you need as the pay tools.
In this episode we wrap up the File Use & Knowledge artifacts discussed previously and talk about how they connect to help strengthen a case.
Have you ever been asked to find out what the "F" drive is? Have you ever needed to prove a USB drive was attached to a target system? Collecting and presenting this information is a core skill all computer forensic analysts need know. This episode breaks down the process of collecting and interpreting the data necessary to make the connection between USB device and Windows systems.
In this episode we examine how to use Windows Shellbag records to help prove file use and knowledge. Shellbag records are created by certain user activity and can be used to show where a user has navigated to on a computer system and when they did so. Very powerful evidence!
Windows Prefetch data is a great source of evidence to help determine file use and knowledge of applications running on the system.
Oftentimes you will be asked to find information on a target system that shows if a user accessed certain files, the last time they did and/ or how often they did. Being able to put a picture together that answers these questions can be critical and make or break the case.
Windows LINK files are a great source of information when your aim is proving file use and knowledge during a computer forensic investigation. Knowing how to interpret these files will break reliance on automated tools and give you the versatility to quickly examine - interpret - and gain investigative insight.
Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.