SANS Cyber Defense Initiative® 2020 Live Online: 30+ Interactive Courses | Virtual NetWars Tournaments. Save $300 thru 11/18


To attend this webcast, login to your SANS Account or create your Account.

Best Finds in DFIR for 2014

  • Tuesday, April 08, 2014 at 1:00 PM EDT (2014-04-08 17:00:00 UTC)
  • David Cowen

You can now attend the webcast using your mobile device!



After another year of research into all things DFIR, weve walked away with a lot of new tools and artifacts to look at. This presentation will go through what we think are the most useful and relevant of those:

  • Detecting writes to NTFS disks with the ntfs-3g driver
  • Recovering MTP access
  • Outlook attachment access
  • Artifacts from renaming accounts in Windows 7
  • Using task scheduler logs to recover past logins

Dont miss the Digital Forensics and Incident Response (DFIR) Summit & Training event which combines hands-on DFIR classroom training with trending DFIR summit speakers together into ONE premier event. Choose from 5 DFIR training classes and add on the two-day action-packed Summit that will help you build your DFIR Skills to new levels. One of the few DFIR-only training events on the SANS calendar! Join the most innovative minds in the industry to tackle advanced DFIR issues. Download the full agenda to read complete session descriptions and the full line-up at


Reduce your Summit registration fee from $1,495 to $495 when purchased in conjunction with a full priced 4-6 day course a savings of $1,000! Discount automatically applied during registration.

Register today

Speaker Bio

David Cowen

Mr. Cowen has more than sixteen years of experience in the areas of integration, architecture, assessment, programming, forensic analysis and investigation. He currently holds the Certified Information Systems Security Professional certification from (ISC)^2. He has have been trained in proper forensics practices by the High Tech Crime Investigators Association, ASR Data and Guidance Software and SANS amongst others. He is an active contributor within the computer forensics community where he frequently present and train on various forensic topics. He has managed, created, and worked with multiple forensics/litigation support teams and associated procedures. His experience spans a variety of environments ranging from high security military installations to large/small private sector companies.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.