Using OSForensics for ICAC Investigations & Forensic Examinations (EXHIBITOR WORKSHOP)

Many law enforcement and ICAC investigators are so often focused on simply finding the images and videos, that they miss the vast amount of critical forensic artifacts that are easily available to them with the right tool. This presentation will introduce ICAC investigators and forensic examiners with simple, yet effective ways to recover and make sense of a variety of forensic artifacts. Attendees will learn how to create a timeline of all user activity, retrieve passwords, recover deleted data, acquire and analyze RAM, Event Logs, Thumbcache, Volume Shadow Copies, Virtual Machines and more. Attendees will also learn how to easily and automatically, create a virtual machine of the suspect’s system, and how to effectively use this approach for both courtroom presentation, as well as hunting for additional forensic artifacts. If you are new(er) to the world of computer investigations and forensics, or simply looking for some new ways to enhance them, this presentation is for you!