System files may tell you a lot about the user or malware actions on a computer or a laptop. They may give you a hint about deleted files, opened documents, computer reboot or malware persistence.
In this session, we will discuss what you can extract from Windows registry, event logs, Amcache/ShimCache/Syscache, BAM/DAM, AppInit DLLs, jumplists, Windows 10 timeline and remote connections data.
With the help of the newest version of Belkasoft Evidence Center, you will be able to find important artifacts inside system files, which will help you to solve a forensic case or an incident response case.
This webinar will be useful for both law enforcement and the private companies' investigators.