The HTCIA Asia Pacific Chapter had the opportunity to welcome back Live Forensics/Memory Analysis expert Jon Evans back as he was passing through town on his travels. Jon very kindly agreed to run an evening presentation on recovery of artifacts such as Facebook Chat and MSN messages from a live memory capture. Jon has recently been heavily involved in the development of the new live forensics boot CD "Phoenix" (the brainchild of Helix creator Drew Fahey) and much of his research is focused in this area. Below, Jon shows his command line skills in the fantastic surroundings of the Microsoft Offices with the HK skyline in the background!

Given the short notice, a good turnout of over 20 members were able to enjoy a deeply technical explanation of parsing memory files for evidence. The presentation material will be available soon to Chapter members via the document repositary in the members area of this site. After the talk, Jon was warmly thanked by the new Chapter President Mr. Richard Kershaw

This was following by the traditional "networking session" across the road in Wanchai!