Clik here to view.
Case studies are more helpful than you may think
Today’s presentation on a case study was an example of what I have been doing for many years – figuring out how other people do the job… I first started doing case studies when I made narc detective...
View ArticleClik here to view.
A bundle of case studies and X-Ways Forensics Practitioner's Guide training
************UPDATE 10/29**************** Case studies 2 has been published. It's the Mr Fuddlesticks case. ****************************************************** Out of the 100+ viewers of the case...
View ArticleClik here to view.
Sharing is caring
One thing about the DFIR blogs is that they tend to bounce off each other. This is a good thing because tidbits of gold nuggets can be expanded upon with different perspectives and experiences....
View ArticleClik here to view.
The last thing we want in DF/IR is the first thing we need in DF/IR (aka:...
As teenagers, we never liked rules growing up. Curfews. Chores. Homework. But we know now that the rules were good for us. It seems like nothing has changed for those of us in the DF/IR field....
View ArticleClik here to view.
DF/IR Case Studies
I've made three case studies so far and will have a fourth up this week. From the feedback I've asked in a short survey about the case study series, here are the results: The case studies are...
View ArticleClik here to view.
Thinking of Writing a #DF/IR Book? Here’s a tip that may or may not work out...
I am very open on my opinions about writing books, specifically DF/IR books. I encourage anyone who is thinking about writing a DF/IR book to write away and start right away! The longer you wait, the...
View ArticleClik here to view.
Bitcoin Forensics | Investigating Cryptocurrency Crimes Online Course....it's...
You knew this was coming. A course in cryptocurrency investigations. There is no faster and comprehensive method to learn cryptocurrency investigations than to take a class in it and study a book...
View ArticleClik here to view.
DFIR Mentors. You just might be one and not know it.
If you share information, openly discuss that which you can, and sincerely try to help others in the DF/IR field, you are probably someone’s mentor and do not even know it. I have always understood...
View ArticleClik here to view.
When you think you know enough
If you ever have a day in the DF/IR field when you think you know enough, take the rest of the day off and reflect a bit before doing any more work. The reasoning is that we can never know enough, in...
View ArticleClik here to view.
X-Ways Forensics & eDiscovery
Following up on a discussion with an eDiscovery consultant, I wanted to show how X-Ways Forensics is a good (if not better at times) tool to have for the eDiscovery folks in ESI collection jobs. Not...
View ArticleClik here to view.
Making Ham Sandwiches in DFIR
Following up on some points made about DFIR writing on Twitter, here are my opinions on the subject of writing up your work in DFIR: 1: Write it up (or else your work didn’t happen) 2: Write it for...
View ArticleClik here to view.
Cyber Health
I was a spectator to a conversation between a law enforcement DFIRer and corporate computer user this week, and it got interesting when the name-calling started. The point of the conversation was...
View ArticleClik here to view.
Windows Forensic Environment - Newest project is complete
Forensic Operating Systems The time has come! The Windows Forensic Environment (aka Windows FE, aka WinFE) project and course has been updated. **COURSE IS CURRENTLY AT CAPACITY** However, send me...
View ArticleClik here to view.
Some things about training, education, and learning in DFIR
In theory, if you know what you are doing and are competent, that is all you need. In practice, being competent is rarely enough. You probably need documentation.... The importance of documentation...
View ArticleClik here to view.
Dragnet: 2018
Definition of dragnet 1a : a net drawn along the bottom of a body of water b : a net used on the ground (as to capture small game) 2: a network of measures for apprehension (as of criminals) In...
View ArticleClik here to view.
Make DFIR easier to learn with visual aids (and teach students to share their...
In my most recent course that I was teaching, the question of imaging speed came up during the hands-on imaging practicals (it's always the same question, "How can I make it go faster?"). My go-to...
View ArticleClik here to view.
5 Cool Things You Can Do with the Windows Forensic Environment (WinFE)
I’m a fan of WinFE. I’ve used it, written about it, helped develop it, taught it, and assisted others to teach it. The way that I talk about it, you’d think that WinFE is the best thing that ever...
View ArticleClik here to view.
"I don’t want to learn. Just give me the answer."
Figure it out It’s been more than a few years since I was in the Marines, even though it still feels like yesterday. Although it has been decades (has it really been that long?), it seems that I am...
View ArticleClik here to view.
Zombie-Cases: Did you ever have a case that just wouldn’t die?
I just finished up Case Study #8, with one of those types of cases that just won’t die. If you ever had a case like that, you know what I mean. If you don’t know, it simply means that as much as you...
View ArticleClik here to view.
Digital Forensics Tenure in Law Enforcement, and other fairy tales
Occasionally I am asked by police officers working in digital forensics if they should leave their current job to go to the private sector. Luckily, I can now refer them to read Eric Huber’s blog...
View Article
