How can we get evidence from damaged systems or media?


Problem

A. What are some of the "gotchas" when attempting to acquire evidence? (What could hamper evidence collection?)

B. How can we get evidence from damaged systems/media?

C. What rules and regulations do we have to follow for getting, analyzing, and storing evidence?

D. Do the same rules apply to government investigations as to private organizations?

E. What hives and entries are forensically attractive when doing an investigation? What forensic tools are available?

F. Windows, Apple, and Linux all have different file systems. How does each of them work?

G. What files and logs are forensically interesting when doing an investigation?

H. What metadata can we get from various files? How can it help in an investigation?

I. What techniques might criminals use to hide data or activities?

J. What is special/different about forensic analysis of virtual machines? (NOT WHAT IS A VIRTUAL MACHINE)

K. What is special/different about forensic analysis of cloud-based machines? (NOT WHAT IS A CLOUD MACHINE/SYSTEM)

L. What qualifies a person to be an expert witness?
