Intro-to-DFIR
Workshop @ CPP
This will host my slides and info needed for the presentation.
Things needed: a macOS/Linux/Windows machine with your preferred forensics software. I will be demoing Autopsy, FTK Imager, RegRipper, and Magnet AXIOM* in the workshop. Windows is the recommended OS, since RegRipper does not have a GUI on macOS.
We are using the M57-Jean images provided by Digital Corpora here: https://digitalcorpora.org/corpora/scenarios/m57-jean
Massive thanks for providing the images to use.
Tools:
Autopsy: https://autopsy.com/
FTK Imager: https://accessdata.com/product-download/ftk-imager-version-4-2-1
You will need to make an "Account" to get access to the download.
RegRipper: https://github.com/keydet89/RegRipper2.8
Log Parser 2.2: https://www.microsoft.com/en-us/download/details.aspx?id=24659
Magnet AXIOM: https://www.magnetforensics.com/products/magnet-axiom/
*AXIOM is a paid product. Massive thank you to my boss DW at Cylance for helping out and getting us access for the workshop.