DFRWS 2010 Keynote Speakers

Troy Larson

We Do Windows: Surviving in the Vanguard of Windows Forensics

Abstract: Address the challenges for the Microsoft internal network security team in working with the unknowns in latest versions of Windows. While most of the world is still working on XP, Windows 8 is already on the Microsoft network. The problem is looking at each new version of Windows and figuring out what the new evidentiary artifacts are and how to examine them. It is a much harder job than it sounds, because there is no one source of information about everything that is new in the latest version of Windows or Office. This process includes review of source code, coordination with developers for detailed information, review of specifications, running tests, examination in hex editors, etc.

©2001-2016 DFRWS   |   dfrws [at] dfrws [dot] org  

DFRWS is a US 501(c)(3) non-profit organization.