About


June 2017 Update: No matter who you cast your Forensic 4:cast award vote for, join Mary Ellen and me in Austin, Texas at the SANS DFIR Summit to celebrate all of the winners! Looking forward to seeing you there!

AboutDFIR.com has launched officially for 2017! Launched in 2014 as a Google Sheet with a single category of information tracking fewer than 30 DFIR-related certifications, the Digital Forensics / Incident Response – The Definitive Compendium Project has grown over the years into an expansive project worthy of its name. Now consisting of 19 categories of DFIR-related information (with over 11 more planned in the coming months), it is one of the largest single compendiums of DFIR information known to exist on the Internet where the content has been culled by its authors on a per-link and per-resource basis, not by taking from others.

The Digital Forensics and Incident Response industries are growing every month, if not every week. Whether you are looking for trends reports, wanting to learn, breaking into the scene, studying for a certification, or just maintaining your skillsets – AboutDFIR.com has you covered.  No one knows it all, no one is a master of it all, and all of us are constantly learning as technology adapts and evolves all around us.

In early 2017, Devon Ackerman and Mary Ellen Kennel worked together on behalf of the community to merge their independent projects.  This effectively grew the DFIR – Definitive Compendium with new categories to include Challenges & Capture the Flag training, DFIR Research, Annual Industry Reports, Threat Hunting, Threat Intelligence, and Forensic Tools.  In addition, several thousand new items were reviewed and added to the Blogs, Social Resources, and Books pages.

The DFIR – Definitive Compendium Project is not simply a link repository, though; it has been edited and administered over the years with intentional precision. Not everything that is authored, created, or tagged as “digital forensics” and “incident response” is worth an examiner's or analyst's time or, furthermore, is accurate. Examples of this include not referencing every tool that can possibly be used for forensics, but choosing tools that the editors have personally used, abused, and tested. Not every script or custom tool needs to be added just because it exists – if one tool exists that does what 15 other scripts do independently, but the one tool works the most effectively and reliably, then it is more likely to be included. Another example is that the editors of this project have specifically weeded out blogs that are not maintained (>2 years since last post) and books that are significantly out-of-date with evolving forensics.

A myriad of choices have gone into deciding what information should be included in order to maintain the usefulness of the project and to separate it from just being branded “another link repository.”