Bradley Schatz, Ph.D. (Schatz Forensic)

Abstract

The AFF4 evidence container format enables dramatic time savings in standard forensic workflows, as well as new approaches to acquisition and live analysis. Aimed at experienced practitioners, this workshop will provide the knowledge and skills to identify and avoid common bottlenecks in forensic workflows, undertake acquisition and analysis of emerging evidence sources such as Cloud (IaaS) servers, and apply new techniques such as forensically reproducible live analysis. This seminar will be a mixture of theory and practical exercises focused on storage and volatile memory, using Evimetry, open-source AFF4 tools, and conventional forensic tools.