
Webcasts


AFF4: The New Standard in Forensic Image Format, and Why You Should Care

  • Monday, April 17th, 2017 at 3:00 PM EDT (19:00:00 UTC)
  • Dr. Bradley Schatz
This webcast has been archived.

Overview

The traditional approach to forensic imaging hinders forensic workflow, imposing significant delays between evidence identification and meaningful analysis. Practitioners and responders face an unsatisfactory choice: either forensically preserve only a limited amount of evidence and accept the risk of missing relevant information (triage), or delay analysis while waiting for full forensic preservation. This seminar will examine why a new forensic imaging format is needed, and outline the ongoing efforts to standardize the Advanced Forensic Format 4 Forensic Container (AFF4). Originally proposed in 2009 by Michael Cohen, Simson Garfinkel, and Bradley Schatz, the AFF4 forensic container supports a range of next-generation forensic image features such as storage virtualisation, extensible metadata, and partial, non-linear and discontinuous images, as well as significant speed improvements. Current AFF4 implementations include Evimetry, Rekall, the Pmem suite of memory acquisition tools, and Google Rapid Response. The seminar will present an introduction to the format and outline the current state of adoption within the forensic ecosystem.

To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training. This training event brings together the most influential group of experts, the highest quality training, and the greatest industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses, and learn how to better protect your organization
  • The opportunity to network with fellow attendees at receptions and community-building events
  • A DFIR NetWars tournament to sharpen your skills and solve incident-related challenges

Speaker Bio

Dr. Bradley Schatz

Bradley Schatz leads the digital forensics consultancy Schatz Forensic. Since completing a PhD in digital forensics in 2007, his principal role has been as a DF practitioner in private practice. He has remained an active researcher in the field; the practical contributions of his research include bringing Windows Vista and Windows 7 analysis to the Volatility framework in 2010.
