Tag Archives: Windows Forensics

FTK Filters are Your Friend

I have been working on a forensic investigation of about 20 Windows Server 2008 R2 VMs using FTK 4.2. FTK makes examining many systems manageable. One feature that has saved me a tremendous amount of time is the Filters feature. … Continue reading

Posted in Forensics | Tagged , , , | Leave a comment