by Adham Hisham
LinkedIn
SANS FOR 500 Poster
Tools
Part 1: Data and Stream Extraction
- Memory and Triage Acquisition
- Mounting Disk Images
- File System Overview
- Data Steam Carving
- File Metadata
- File Carving
Part 2: Registry Forensics
- Windows Registry Overview
- Registry Forensic Analysis