Finding Insider Threats
With Windows Operating Systems and Feature Updates coming out multiple times per year, each potentially providing new forensics artifacts as well as updates to old ones, keeping up can be a pain point for investigators. Modern forensics tools help by parsing evidence into easily digestible pieces. This, however, can have the unfortunate effect of lulling investigators into thinking that only a surface knowledge of each artifact is good enough. Certainly one investigator can’t know everything, but sometimes a deeper knowledge of the more useful areas of digital evidence is necessary to validate critical findings. Luckily, BlackLight supports the investigator’s need to dig deeper.
Watch our on-demand webinar as BlackBag’s Senior Digital Forensics Researcher, Dr. Vico Marziale, and Training Director, Matt McFadden, take you on a wild ride tracking an insider threat across the Windows forensic landscape.
Specifically, this webinar will dive into:
• How filesystem-specific attributes can come into play
• Multiple ways to track and verify file accesses and program executions
• New ways to track removable devices, and more accurately verify the specific piece of hardware used
• Leveraging memory forensics to find trickier bits of evidence