Tuesday 5th November, 2013
1:00pm to 1:35pm
bulk_extractor is a fast, powerful tool that every investigator should have in their toolbox. bulk_extractor searches digital media and evidence files for common artifacts and patterns, and its multi-threaded design takes full advantage of your hardware to get initial results faster than any other tool. It works on Windows, Linux, and Mac OS X.
This presentation covers command-line operation and gives an overview of each “scanner” in bulk_extractor. We’ll spend some time discussing how to take advantage of its search capabilities with your own keywords, including how to specify different encodings and pull out the surrounding context in the data. Finally, we’ll show how to work with bulk_extractor’s output so you can continue your investigation without starting over.
1:40pm Making Molehills Out of Mountains: Data Reduction Using Sleuth Kit Tools by Tobin Craig