Corey Harrell · Sep 30, 2012 · 6:52 PM UTC

Corey Harrell @corey_harrell

30 Sep 2012

Hands down. The best combination of #DFIR tools is: Regripper, Regdecoder, Log2timeline, and Sleuthkit.

Hal Pomeranz · Sep 30, 2012 · 7:00 PM UTC

Hal Pomeranz · Sep 30, 2012 · 7:00 PM UTC

Hal Pomeranz @hal_pomeranz

30 Sep 2012

@corey_harrell You forgot volatility, but otherwise I agree with you.

Sep 30, 2012 · 7:00 PM UTC

Corey Harrell · Sep 30, 2012 · 7:01 PM UTC

Corey Harrell @corey_harrell

30 Sep 2012

@hal_pomeranz True. Forgot that one since most of the time I don't have a memory image