19th-20th November 2011 - Melbourne, Australia
It is common for practitioners approaching the field of digital forensics to find that aspects of the field appear contradictory or obscure. Good practice guidelines recommend preventing changes to evidence, while approaches such as live forensics and triage operate directly on live evidence. Practitioners hesitate to employ open source tools as they are not "court validated", while their closed source brethren exist in an environment lacking in transparent validation. This talk will focus on such areas, touching on subjects such as admissibility, completeness, integrity and court validation, drawing on actual cases as examples.
Bradley Schatz divides his time between practice and research in the area of digital forensics. His research ranges from enabling live forensics in the energy sector to digging into the lowest layers of the hardware/software stack, while his practice ranges from investigating claims of IP theft to reconstructing the behaviour of software. The practical outcomes of Bradley's past research may be found in the AFF4 forensic file format and the Volatility memory forensics framework.