DFRWS Conference
Some good forensics presentations from the DFRWS Conference can be found here. I really enjoyed Rich Murphey's paper on Automated Windows Event Log Forensics. I am happy some in this field (Harlan Carvey too) are addressing the point-and-click shortcomings of EnCase, FTK, ProDiscover, and all. I would also check out Andreas Schuster's paper on Windows Vista Event Log Format in addition to the ever great submissions to the File Carving Challenge.
