Beyond Windows Forensics with Built-in Microsoft Tooling

Traditional Windows forensics typically requires a complex or expensive toolset (like EnCase). Windows 8 and beyond introduced features that can considerably facilitate the Windows forensics process. In this talk, we will examine the tools available, from PowerShell to System Resource Usage Monitor, their ability to bootstrap the forensics process, and how this can be used to move left into the incident response process.

About the Speaker