Common anti-forensics:
Detection & countermeasures:
vol -f memory.dump windows.dumpfiles --pid 1234
Common anti-forensics:
Email header analysis
Tool: EmailTrackerPro or manual via telnet
Detection & countermeasures:
Recovering deleted emails
Social media forensics
Even a "portable" lab needs a home base. This section describes the physical and logical setup: