This session will explore the digital forensic artifacts found in Windows 10 that can be used in post-incident analysis or computer investigation. It will cover where the artifacts are located on disk, analysis techniques, and suggestions for preservation. Highlights will include sync data, Cortana, System Resource Usage Monitor (SRUM), Timeline, Windows Registry, and common logs.
Attendees will:
know which artifacts might be present
learn how to locate and analyze artifacts
learn how to preserve artifacts when extracting them