What makes a good forensicator? or how to get a job in Digital Forensics...
A common question those seeking to enter the field of digital forensics ask is what do I need to get a job in the field? This is a good question. There are many paths and the most appropriate one will...
View ArticlePFIC
I have spent the past few days at the PFIC conference in Utah, it was a blast, except for the altitude which knocked me around far more than I thought it would (it was worst on the final day, and it...
View ArticleOnline DFIR meetups
At PFIC I was talking to Harlan Carvey about his NoVA meetups and how great they sounded. Unfortunately it is a little hard to get to them from Vermont so I have only been able to watch on jealously....
View ArticleClik here to view.
Online meetup survey results
So after one week I have got around to checking out the survey results. 68% of respondents went for Thursday, with 40% going for the 2000 time slot. So Thursdays at 2000EST it will be. The format...
View ArticleThe beauty of forms
I recently read the book the “Checklist Manifesto” by Atul Gawande In the book Atul describes how by creating and using checklists of common tasks that should be performed before, during and after...
View ArticleThoughts about last night
So after last night’s meetup I have a few thoughts on what went well and what did not. The technology worked surprisingly well, with two chat sessions running it was possible for everyone who had...
View ArticleFree non-forensic windows programs for forensics and thanks.
Over the past couple of days Harlan has been talking about people contributing to the DFIR profession and acknowledging the creators of free software. During an email exchange with him I confessed that...
View ArticleDFIROnline Meetup review
Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both gave a couple of great presentations, and I just...
View ArticleNew Website and a new resource
I have transferred to a new hosting provider and made a few upgrades to the website. The most significant of which is the new DFIR directory. I got the idea for this after my post on free non-forensic...
View ArticleDFIROnline Updates
At the beginning of this month I was thinking that the schedule for DFIROnline was looking a little light. So I emailed a few people who I would to hear speak and received an extremely positive...
View ArticleClik here to view.
4096 byte sector drives, NTFS and forensic tools
One of the topics that came up during Kevin Ripa's DFIROnline presentation was the concept of 4k sectors, or really sectors larger than 512 bytes. I have been aware of these for a few years, as far as...
View ArticleUpdated filesystem cheat sheets
At PFIC last year I ran a workshop on the analysis of NTFS and handed out some cheat sheets I made for examining NTFS in a hex editor. I have been using these cheat sheets for ages and over the weekend...
View ArticleLive Challenge
Tonight we will have the first 5 minute challenge on DFIROnline. The idea behind this is to have a bit of fun and also have the chance to share the different ways the same problem can be solved. The...
View ArticleFebruary and March recordings posted
I have just posted the recordings of the February and March meetups to the youtube channel (http://www.youtube.com/user/DFIROnline). These were both a couple of lively meetings with great information...
View ArticleFilegen - file generator for tool testing
One of my students is currently researching data recovery on solid state drives. Part of the testing requires that he create a large number of files with known and easily identifiable content. There...
View ArticleResources for learning python for forensics
This is just a small collection of the resources that are available if you are interested in learning python. It is not intended to be a comprehensive list of everything available, just enough to get...
View Article
