Live Forensic Acquisition Techniques
Joe Partlow
Forensic engagements typically start with some sort of evidence acquisition of malware or breach activity. Unfortunately, most of the time we end up with just a drive image that loses many important artifacts. Many excellent commercial tools exist to pull this live information, but they are expensive and not always thoroughly deployed. In this talk we will go over some helpful methods and items used to quickly acquire digital evidence and share some open-source automation scripts we use on a regular basis to assist in the acquisition process.
Copyright 2020, IronGeek