Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Learn forensic imaging and analysis techniques for investigating systems running TAILs (The Amnesic Incognito Live System) operating system in this 35-minute conference presentation from SANS DFIR Summit 2025. Discover how adversaries leverage TAILs for criminal activities and explore the unique challenges investigators face when confronting systems running this privacy-focused operating system. Master practical methods for imaging TAILs instances that run within physical memory (RAM) of host systems, and understand how to extract valuable forensic artifacts from memory dumps. Examine specific techniques for locating and analyzing artifacts of interest within TAILs environments, addressing common issues encountered during forensic investigations of this amnesic operating system. Gain insights from real-world incident response scenarios and learn proven methodologies for overcoming the inherent challenges of investigating systems designed to leave minimal forensic traces.
