
Automating Analysis with Multi-Model Avocados


In every case you work on, someone is asking you to get answers faster without introducing more human error. Depending on the case, there are "go to" artifacts that let us quickly answer basic questions, but as the questions get more complicated, so does the analysis. Often the need arises to correlate multiple artifacts to get an accurate answer to a complex question. Reviewing artifacts one at a time, we can lose the macro focus and miss how they relate to each other, which is exactly the relationship that allows a deeper and faster understanding of a system. This presentation will cover why tool output matters, and then look at methods and technologies for automated correlation of forensic artifacts to answer more complex questions. A demonstration will introduce one method that uses the multi-model database ArangoDB to correlate artifacts and produce reports answering questions such as "What volume serial number does a shellbag entry relate to?", "What is the timeline of external device usage?", and "What executables are no longer on the system?"
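To make the correlation idea concrete, here is an added example (not the presenter's demonstration code and not ArangoDB itself) that mimics the document-collection plus edge-collection shape of a graph database with plain Python dictionaries, so it runs offline. Every artifact record is constructed sample data with hypothetical field names; the rule that links a shellbag entry to a volume (same drive letter, last-write time inside the volume's mount window) is an assumption chosen for illustration, not a claim about how the talk's demo works. The three query functions answer the three questions named in the abstract by walking the edges.

```python
"""Toy multi-model correlation of forensic artifacts (added example).

Document "collections" are dicts keyed "collection/key", edges carry
_from/_to like a graph database's edge collection.  All records below are
CONSTRUCTED sample data; field names and the linking rule are assumptions.
"""
from datetime import datetime, timezone


def ts(s: str) -> datetime:
    """Parse a constructed ISO-8601 timestamp as UTC."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed document collections (hypothetical fields).
DEVICES = {
    "devices/d1": {"device_serial": "4C530001230512345678", "model": "Cruzer Blade"},
    "devices/d2": {"device_serial": "0CB100596D3B4E2A", "model": "DataTraveler"},
}
VOLUMES = {  # volume serial, drive letter, and the window it was seen mounted
    "volumes/v1": {"volume_serial": "1A2B-3C4D", "drive_letter": "E:",
                   "first_seen": ts("2023-05-01T09:00:00"), "last_seen": ts("2023-05-01T17:30:00")},
    "volumes/v2": {"volume_serial": "9F8E-7D6C", "drive_letter": "E:",
                   "first_seen": ts("2023-05-03T08:15:00"), "last_seen": ts("2023-05-03T12:00:00")},
}
SHELLBAGS = {
    "shellbags/s1": {"path": "E:\\invoices", "last_write": ts("2023-05-01T10:12:00")},
    "shellbags/s2": {"path": "E:\\tools", "last_write": ts("2023-05-03T09:40:00")},
    "shellbags/s3": {"path": "C:\\Users\\bob\\Desktop", "last_write": ts("2023-05-02T14:00:00")},
}
PREFETCH = {
    "prefetch/p1": {"exe": "COLLECTOR.EXE", "path": "C:\\Users\\bob\\Downloads\\collector.exe",
                    "last_run": ts("2023-05-03T09:45:00")},
    "prefetch/p2": {"exe": "NOTEPAD.EXE", "path": "C:\\Windows\\System32\\notepad.exe",
                    "last_run": ts("2023-05-02T14:05:00")},
}
FILES = {"c:\\windows\\system32\\notepad.exe"}  # file listing of the image, lower-cased

# Edge collection: directed _from -> _to relations, tagged by kind.
EDGES = [
    {"_from": "volumes/v1", "_to": "devices/d1", "kind": "on_device"},
    {"_from": "volumes/v2", "_to": "devices/d2", "kind": "on_device"},
]


def link_shellbags_to_volumes(shellbags=SHELLBAGS, volumes=VOLUMES, edges=EDGES):
    """Correlation step (assumed rule): a shellbag entry under drive letter X,
    last written while a volume was mounted as X, gets a 'seen_on' edge to
    that volume.  Idempotent, so it can be run more than once."""
    added = []
    for sb_id, sb in shellbags.items():
        letter = sb["path"][:2]
        for vol_id, vol in volumes.items():
            if vol["drive_letter"] == letter and vol["first_seen"] <= sb["last_write"] <= vol["last_seen"]:
                edge = {"_from": sb_id, "_to": vol_id, "kind": "seen_on"}
                if edge not in edges:
                    edges.append(edge)
                    added.append(edge)
    return added


def neighbors(node_id, kind, edges=EDGES):
    """Outbound neighbours of node_id over edges of the given kind."""
    return [e["_to"] for e in edges if e["_from"] == node_id and e["kind"] == kind]


def volume_serial_for_shellbag(sb_id):
    """Which volume serial (and device serial) does a shellbag entry relate to?
    A two-hop traversal: shellbag -seen_on-> volume -on_device-> device."""
    return [(VOLUMES[v]["volume_serial"], DEVICES[d]["device_serial"])
            for v in neighbors(sb_id, "seen_on") for d in neighbors(v, "on_device")]


def external_device_timeline():
    """Timeline of external device usage: mount windows plus the shellbag
    activity attributed to each device, as one time-sorted list."""
    events = []
    for vol_id, vol in VOLUMES.items():
        for dev_id in neighbors(vol_id, "on_device"):
            serial = DEVICES[dev_id]["device_serial"]
            events.append((vol["first_seen"], serial, "mounted as " + vol["drive_letter"]))
            events.append((vol["last_seen"], serial, "last seen"))
    for sb_id, sb in SHELLBAGS.items():
        for vol_id in neighbors(sb_id, "seen_on"):
            for dev_id in neighbors(vol_id, "on_device"):
                events.append((sb["last_write"], DEVICES[dev_id]["device_serial"], "folder opened " + sb["path"]))
    return sorted(events)


def executables_no_longer_present():
    """Executables with prefetch evidence of execution whose path is absent
    from the file listing, i.e. run on the system but no longer on disk."""
    return sorted(p["path"] for p in PREFETCH.values() if p["path"].lower() not in FILES)


if __name__ == "__main__":
    link_shellbags_to_volumes()
    print(volume_serial_for_shellbag("shellbags/s2"))
    for when, serial, what in external_device_timeline():
        print(when.isoformat(), serial, what)
    print(executables_no_longer_present())
```

The point of the graph shape is that each question becomes a traversal over edges produced by a separate, explicit correlation step, so the linking rule can be reviewed and tightened on its own (here a shellbag on C: correctly links to nothing, because no external volume was mounted as C:), rather than being buried inside the per-artifact parsers.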
