It is our intention that the webinars we provide will give you invaluable information covering a wide range of diverse subjects which will help you in the development of your career.
Each of the Spyder Forensics webinars is presented by an expert in his field, and they will give you the opportunity to ask questions in the live question and answer sessions.
BitLocker volume encryption can be found in almost every version of Windows 10; therefore, it's highly likely you will encounter encrypted volumes throughout your career as a forensic examiner. The encryption is deployed to protect host data and removable devices against unauthorized access and brute force attacks, thereby making it impossible to gain access to the data without the correct keys. Various forensic techniques exist that allow examiners to overcome BitLocker protection if good workflows are in place and access to the recovery key is possible. In this webinar, we’ll explore techniques for reviewing the data in the BitLocked volume and the story it can tell us about volume usage. We’ll review what has changed with Windows 10 updates and explore workflows for the successful examination of data from within an encrypted volume, as well as examination techniques for recovering deleted data at the physical layer of the volume.
With the release of Windows 10 1903 came a new set of features that allow the system administrator to use Linux to administer the system, virtualize the Edge browser and sandbox a Windows environment. In this session we will explore the legitimate uses of these features, examination techniques to identify user interaction, and the artifacts these processes leave on the host system. Attendees will learn of the challenges in identifying nefarious activities conducted through these processes when a user is exploiting these features to conceal their actions.
Traditional forensic examinations are focused only on the artifacts located on host systems (host-based forensics); however, many of these items may be replicated across different devices if the custodian is using a cloud-based solution to store their data. Many existing digital forensic tools are challenged by the artifacts they discover in these areas and by how to read the story these offline files tell. This session will introduce the audience to the challenges faced in identifying remote data and examine artifacts located on the host system when Microsoft 365 is used to access these objects. We will also dive into OneDrive cloud storage options, how to examine locally stored items, and the extraction of data from synchronization logs.
Email forensics is applicable to a wide range of different case types that you may encounter as an examiner. Email as a communication medium is essential to our lives, and thus a vast amount of information gets stored within email archives. This fact, coupled with the informal nature of email, can often provide the “smoking gun” within a case. During this session we will review the Windows 10 Mail application and the artifacts found on the host system. Attendees will learn of the multiple locations where the data is stored in the user profile and examination techniques to link these artifacts together.