This session will explore the digital forensic artifacts found in Windows 10 that can be used in post-incident analysis or computer investigation. It will include where the artifacts are located on disk, as well as analysis techniques, and suggestions for preservation. Highlights will be sync data, Cortana, System Resource Usage Monitor (SRUM), Timeline, Windows Registry, and common logs.

Attendees will:

know which artifacts might be present 

how to locate and analyze artifacts

learn how to preserve artifacts when extracting them