Students will use tools that include Registry Recon, Registry Explorer, and RegRipper to dig into document, network, application, and storage device activity, answering compelling questions that digital forensics practitioners often have, such as:
- What removable storage devices were attached over time?
- When was malware "dropped?"
- Which documents were accessed by each user?
Arsenal instructors will emphasize how analysis of these activities impacts both civil and criminal cases.