In today’s digital age, the ability to rapidly triage a live running computer system has never been more important. Through National Institute of Justice funding, WetStone Technologies has developed a tool known as US-LATT, US Live Acquisition and Triage Tool, to assist investigators in this daunting task. This tool is now available free to state and local law enforcement agencies…US-LATT, based upon U3 technology, allows investigators to triage a live running system in an automated fashion simply by inserting a U3 token. The one hour lab session will teach investigators the importance of volatile data in an investigation as well demonstrate how to properly use US-LATT to quickly and efficiently collect volatile data. The types of volatile data that will be covered during the lab session include physical memory, running processes, network connectivity, encrypted file systems, critical registry locations, recently used files, and screenshots. Investigators will also learn how to interpret the volatile data they collect and apply it to real world cases and investigations. Upon completion of the lab session, investigators will be fully equipped to conduct a complete on-scene US-LATT based investigation.
Investigators will learn the importance of volatile data in an investigation, as well as demonstrate how to properly use WetStone’s U3 based US-LATT to collect volatile data from a live running target. Students will conduct a mock investigation using US-LATT and learn how to interpret its results.