BitLocker is being used more and more to protect the contents of disks from loss and theft. Unfortunately, it is also being used by cybercriminals to hide their activities from law enforcement. This course describes the internal operation of BitLocker, and how law enforcement can defeat it in some cases.
Virtual machines are useful for many purposes in computing, but they can also be used to hide evidence of user activity on a computer system. Cybercriminals are using virtual machines because it is apparently easy to remove all trace of their activities just by deleting a single file. This seminar describes virtual machines, their methods of operation, how they are used to hide user activity, and how to detect their use. It also describes how to use virtual machines for malware analysis and other aspects of cyber forensics.