Forensics Tools and Processes for Windows XP Platforms, presented at Black Hat Asia 2002

by Larry Leibrock

Summary: This overview will involve case investigation procedures and a set of advanced tools for the imaging, forensics review and reporting processes involving Windows client platforms. The course will include use of a set of tools to analyze digitally stored case evidence exclusively on Windows XP systems.
These items of evidence are becoming increasingly important in a wide variety of administrative, civil and criminal cases, and numerous law enforcement agencies have trained personnel to retrieve this evidence from computers. To make the investigation and prosecution of criminals who use computers more effective, it is critical for systems professionals and investigators to understand the basic concepts of information technology, computer security, evidence controls and the forensic examination of digitally stored information.
In this intensive talk, attendees will receive vital information on the processes and tools used to collect and analyze digital evidence on Windows XP. In addition to reviewing the typical areas where digital evidence may be located or hidden within a computer, a range of forensics toolkits will be used to extract such information.