One of the more interesting challenges in digital forensics is reconstructing the use of \anti-forensic" tools and techniques that users employ to cover their tracks.
Such tools can perform a range of functions, such as clearing Internet history, wiping files or erasing document history. But just how effective are they?
In this presentation, SANS Certified Instructor and experienced digital forensic examiner Nick Klein will dissect one such tool - USB Oblivion - to see exactly how well it works, and what forensic artifacts it actually leaves behind.
Drawing upon tools and methods that Nick teaches in SANS forensic courses, he will demonstrate how to effectively identify the use of this tool, recover some of the evidence it 'wipes' and still reconstruct the user's USB activity.