3 Days left to get an iPad Pro with Smart Keyboard, Surface GO or $350 Off with Online Training


To attend this webcast, login to your SANS Account or create your Account.

Anti-anti-forensics in action - Recovering from (USB) oblivion

  • Tuesday, February 24th, 2015 at 3:00 PM EST (20:00:00 UTC)
  • Nick Klein
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


One of the more interesting challenges in digital forensics is reconstructing the use of "anti-forensic" tools and techniques that users employ to cover their tracks.

Such tools can perform a range of functions, such as clearing Internet history, wiping files or erasing document history. But just how effective are they?

In this presentation, SANS Certified Instructor and experienced digital forensic examiner Nick Klein will dissect one such tool - USB Oblivion - to see exactly how well it works, and what forensic artifacts it actually leaves behind.

Drawing upon tools and methods that Nick teaches in SANS forensic courses, he will demonstrate how to effectively identify the use of this tool, recover some of the evidence it 'wipes' and still reconstruct the user's USB activity.

Speaker Bio

Nick Klein

Nick is the Director of Klein & Co. Computer Forensics, the leading independent computer forensic team from Sydney, Australia. He has over fifteen years of IT experience, specialising in forensic technology investigations and presenting expert evidence in legal and other proceedings. Nick and his team have been engaged as experts in hundreds of cases including commercial litigation and electronic discovery, criminal prosecution and defence, financial fraud, corruption, employee misconduct, theft of intellectual property, computer hacking and system intrusion. He was previously a senior director in Deloitte Forensic and a team leader in the High Tech Crime Team of the Australian Federal Police, where he worked on international police investigations and intelligence operations including counter terrorism, online child abuse, computer hacking, and traditional crimes facilitated by new technologies.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.