This talk was interesting because it relates to some of the forensics work I've been doing for my day job. The premise, however, was that rather than using forensics techniques to uncover illegal activity, they can be used to uncover material important for pen testing/red teaming. They gave some examples from real-world pen tests they have worked on where they were bitten by not having used these tactics, and some where they benefited from having used them.
Making this more interesting, they announced that they were going to release a Metasploit module (forensics_scraper) that, once you have a foothold on a machine (i.e. a Meterpreter shell), could be executed to batch collect/download this forensic data (MFT, registry data, etc.). They are expecting that the module will be released “soon” (probably a few weeks) – status can be followed here: http://www.rhinosecuritylabs.com/blog/
The slides for the talk are available at this post: http://www.rhinosecuritylabs.com/defcon-21-offensive-forensics/