Bradley Schatz, Ph.D. (Schatz Forensic)

Abstract

Link to downloads: https://dfrws.github.io/dfrws2019-EU-workshops/topic-07-Modern-Acquisiti...

 

Forensic acquisition isn’t the known quantity that it once was. With new storage devices like SSD’s and NVMe, new filesystems like APFS, and computers increasingly become locked down, the old techniques and assumptions will only get you so far. This workshop will examine where the old techniques fail or are a poor choice for today’s evidence sources; teach forensically sound techniques for acquiring modern computer, mobile, and cloud evidence; and identify new techniques for accelerating forensic workflow. 

Learning objectives:

- Understanding the limitations around acquisition of modern SSD & NVMe storage, encrypted disks, and locked devices;

- Understand techniques for acquisition of modern devices;

- Identify where next generation acquisition techniques are required or will speed workflow;

- Identifying where bottlenecks in forensic process exist, their causes, and means of tuning and optimising.