Digital Forensics: How to Make Remote Collection and Analysis More Efficient

By clicking "Register", you acknowledge that you have read BNP Media’s Privacy Policy, agree to its terms, and consent to allow BNP Media to use your information consistent with the Privacy Policy. You agree your information submitted will be shared with the sponsor(s) of the webinar. To read our Privacy Policy, please click here
Webinar On-Demand
Sponsored by Exterro
Presented by Justin Tolman, Forensic Subject Matter Expert at Exterro

Learning Objectives:

  1. Understand the advantages of remote collection in internal investigations.
  2. Identify the most helpful key artifacts used for analysis of an endpoint.
  3. Optimize remote collection techniques to reduce network impact.
  4. Delve into a practical example where the adoption of remote collections might have conserved both time and money, while also reducing stress


As an IACET Accredited Provider, BNP Media offers IACET CEUs for its learning events that comply with the ANSI/IACET Continuing Education and Training Standard.
Training may qualify for related continuing education for recertification activity through NICET. Students may claim one (1) Continuing Professional Development (CPD) point per hour of instruction towards their NICET recertification requirement for any sessions that expand their knowledge of the subject matter pertaining to the certifications they hold.
Participants completing this course may be eligible to receive Continuing Professional Education credit or CPEs toward ASIS re-certification.

Remote collection & analysis is an important part of any internal investigation within your corporate network. Pulling a full forensic image of an endpoint can be time-intensive and can consume network resources, but a targeted collection can alleviate these concerns. This webinar discusses the most useful artifacts to collect in an internal investigation, such as Event Logs, LNK files, Shell Bags, Device Information, and more. Focusing on these types of artifacts will reduce the impact on your network during remote collection and reduce the amount of time needed to analyze the information and draw conclusions.


image courtesy of Getty Images


Justin Tolman has been working in digital forensics for 12 years. He has a bachelor’s degree in Computer Information Technology from BYU-Idaho and a master’s degree in Cyber Forensics from Purdue University. After graduating he worked as a Computer Forensic Specialist with the Ohio Bureau of Criminal Investigation. He joined AccessData in 2015 as a senior instructor where he trained digital forensic professionals worldwide in forensic tools, concepts, and workflows. He was later promoted to Director of Training over North America. Justin has written training manuals on computer and mobile device forensics, as well as (his personal favorite) SQLite database analysis. Justin currently works as the Forensic Subject Matter Expert and Evangelist at Exterro following the purchase of AccessData by Exterro. He is frequently presenting at conferences, on webinars, and hosts a podcast and produces YouTube content related to digital forensics and Forensic Toolkit.


Exterro Founded in 2008 based on the belief that e-discovery is a business process like any other, subject to measurement, management, and optimization, Exterro has grown organically and through acquisitions into the industry leader providing legal technology’s only comprehensive Legal GRC software platform. Today, our passionate, talented, and experienced leadership team leads our efforts to deliver industry-defining software and world-class service to our partners and clients. Gain control over organizational data and minimize the risks posed by litigation, privacy regulations, and cybersecurity threats with Exterro’s unified e-discovery, privacy compliance, and digital forensics software. Get a comprehensive view of exactly what happened and who was involved. With our award-winning, court-cited digital forensics expertise, Exterro gives you the industry’s best tools to help you analyze computers, mobile devices and network communications. When you know more, you can do more. No matter the type of forensic investigation, there’s an FTK Solution designed specifically for your investigative workflow – all with the industry’s fastest processing engine for repeatable, defensible, forensically-sound collection and analysis.


Originally published in September 2023