05 May 2020
By Devon

AboutDFIR Content Update 5/5/2020

Greetings! The first week of May brings new site content as detailed below:  Tools & Artifacts - iOS - new entries added Tools & Artifacts - File Systems - new entries added Tools & Artifacts - Linux - new entries added Tools & Artifacts - Windows - new entries added as well as every 13Cubed video relating to a Windows artifact Challenges & CTFs - new entries added DFIR Research - new entry added under…
Read More
29 Apr 2020
By Devon

AboutDFIR Content Update 4/29/2020

Greetings! A short update this week:  Certifications & Training - new entry added (Harvard's FREE CS50: Introduction to Computer Science course) Tools & Artifacts - Windows - new entries added Tools & Artifacts - iOS - new entries added In case you missed them, check out my latest blog posts: A General Overview of DFIR Resources and A Beginner’s Guide to the Digital Forensics Discord Server!  Make sure you're keeping up on Kevin Ripa's 3MinMax…
Read More
23 Apr 2020
By Devon

AboutDFIR Content Update 4/23/2020

Greetings! This week's update is detailed below:  Some Home Page updates first: New site feedback form added under the Submit menu, let us know what you think here New AboutDFIR Blog Posts Archive added under the Reading menu, check it out here Added More button underneath the last 12 blog posts at the bottom of the home page which will link to the AboutDFIR Blog Posts Archive  Now for the usual content updates: Tool Testing…
Read More
22 Apr 2020
By Devon

A Beginner’s Guide to the Digital Forensics Discord Server

Introduction This post has been a long time coming for me. I will use this post to address all newbie questions I've fielded in regard to the use of Discord, or how to join the server successfully. Believe it or not, we have a lot who join the server but never gain access due to not following through with the brief verification process new members have to go through. This post is aimed to help…
Read More
18 Apr 2020
By Devon

A General Overview of DFIR Resources

Introduction The world of Digital Forensics and Incident Response (DFIR) is so expansive that it's impossible for one person to know it all, let alone a fraction of it. To combat this, one must first be aware of and second utilize the resource that's best catered to the issue at hand. There are multiple resources out there that digital forensic examiners and incident responders should be aware of.  Not all resources are created equal nor…
Read More
14 Apr 2020
By Devon

AboutDFIR Content Update 4/14/2020

Greetings! This week's update is detailed below:  Tool Testing - new memory image added by Alissa Torres Videos/Webinars - new entries added  Certifications & Training - new entries added (Hal Pomeranz' Intro to Linux Forensics course) Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added Social Media - multiple new Discord servers added Jobs - multiple new jobs posted Brian Carrier, the author of File System…
Read More
09 Apr 2020
By Devon

AboutDFIR Content Update 4/9/2020

Greetings! This week's update is detailed below:  Tools & Artifacts - Windows - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Challenges & CTFs - new entries added Podcasts - new entries added If there's something you think should be on the website, let us know! Per usual, you can reach me via…
Read More
04 Apr 2020
By Devon

AboutDFIR Content Update 4/4/2020

Greetings! This week's update is detailed below:  Social Media - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Certifications & Training - new entries added Tool Testing - new entries added Tune in to this upcoming Monday's episode of "Life Does Not Have a Ctrl+Alt+Del" hosted by Heather Mahalik where I am the featured guest! I will be talking about the Digital…
Read More
27 Mar 2020
By Devon

AboutDFIR Content Update 3/27/2020

Happy Friday! This week's update is detailed below:  Mobile/Tablet home page menus fixed, sorry for the inconvenience Awards - page updated to reflect that nominations for the Forensic 4:cast Awards are now open Tools & Artifacts - Android - new blog posts added Tools & Artifacts - File Systems - new blog posts added Tools & Artifacts - iOS - new blog posts added Tools & Artifacts - Linux - new blog posts added In…
Read More
19 Mar 2020
By Devon

Introducing the AboutDFIR RSS Starter Pack!

Greetings! I am excited to share something that has been in the back of my mind for a while now. Introducing the AboutDFIR RSS Starter Pack! Basically, this is a curated list of blogs, DFIR vendor websites, and other cyber security related websites categorized for your convenience. A simple import into your Feedly account (or RSS app of choice) and you're up and running! This is the first iteration of this project and will be…
Read More
18 Mar 2020
By Devon

AboutDFIR Content Update 3/18/2020

Greetings! Here's another site content update:  Research Ideas - new research ideas added based on user submission Women of #DFIR - new entries added Social Media - new hashtags added to Twitter Tools & Artifacts - macOS - renamed to macOS, URL updated, and new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added If there's something you think should be on the website,…
Read More
11 Mar 2020
By Devon

AboutDFIR Content Update 3/11/2020

Greetings! Yet another content update:  Annual Industry Reports - new report added Tools & Artifacts - DVR/Multimedia - new blog post added Tools & Artifacts - Windows - new blog posts added Tools & Artifacts - iOS - new blogs post added Robert Chesney recently released a 137-page book titled Cybersecurity Law, Policy, and Institutions. Download the free PDF here! I'm currently working on a blog post that'll analyze the pros and cons of all…
Read More
02 Mar 2020
By Devon

AboutDFIR Content Update 3/2/2020

Greetings! The first update of March 2020 is detailed below:  Preservation Letter/Search Warrant Templates - all templates got a once over with some new language relating to US Code 2703(f), plus Google, Twitter, and Microsoft were added to the bunch Podcasts - new podcast added (SANS GIAC Podcast) Tools & Artifacts - Windows - new blog post entry added Challenges & CTFs - multiple new entries added Jobs - data table has been cleaned up…
Read More
28 Feb 2020
By Devon

My Take on Preparing for GIAC Certification Exams

Introduction SANS GIAC Certifications are highly sought after because of the technical expertise required for completing them successfully. They are not to be taken lightly and are held in high regard due to them not being a “gimme” for the test taker. If you do not prepare, your score will reflect that and you risk not passing. The stakes are high due to the cost of the certification ($789 per attempt as of this writing…
Read More
23 Feb 2020
By Devon

AboutDFIR Content Update 2/23/2020

Greetings! Another content update in the wake of Phill Moore's new This Week in 4n6 post:  Challenges & CTFs - new entries with walkthroughs added Men of #DFIR - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added White Papers - new entry added (DFRWS Papers & Presentations) Did you know that you can add AboutDFIR's newsfeed easily to your Feedly account? Just…
Read More
22 Feb 2020
By Devon

I want to see your Resume!

Do you know of someone just graduating with their college degree in #DFIR or #CyberSecurity or #security looking for their first job? I am interested! Send me a resume -> devon.ackerman@kroll.com with Resume in the subject line. Tag your friends, tag your colleagues.
Read More
20 Feb 2020
By Devon

AboutDFIR Content Update 2/20/2020

Greetings! A relatively small site content update but please see other important items below:  Scholarships - added SANS' Ken Johnson Scholarship 2020  Tools & Artifacts - Linux - added new GitHub resource by ashemery First off, the 2020 Forensic 4:cast Awards Nominations are now open! Be sure to cast your nominations before May 15th, 2020. In the meantime, brush up on the past years' winners on the Awards page.  Secondly, Humble Bundle, one of my…
Read More
17 Feb 2020
By Devon

AboutDFIR Content Update 2/17/2020

Greetings! Yet another update as detailed below:  Annual Industry Reports - added new entries Tool Testing - added Josh Hickman's new Android 10 Image  Tools & Artifacts - Windows - new blog post entries added Tools & Artifacts - DVR/Multimedia - new blog post entries added Tools & Artifacts - iOS - new blog post entries added Infographics - added an awesome link containing many useful cheatsheets, be sure to check it out If there's…
Read More
11 Feb 2020
By Devon

AboutDFIR Content Update 2/11/2020

Greetings! Small update this week but there are bigger things coming:  Certifications & Training - added Brian Carrier's Autopsy course (Free for LE!) Tools & Artifacts - File Systems - reworked data table entirely and added new entries Tools & Artifacts - iOS - new blog post entries added Tools & Artifacts - Android - new blog post entries added I'm working on a blog post regarding my take on preparing for GIAC Certification exams. Look…
Read More
05 Feb 2020
By Devon

AboutDFIR Content Update 2/5/2020

Greetings! Yet another AboutDFIR Content Update:  Preservation Letter/Search Warrant Templates - Discord - updated this page with a section about how Discord Nitro factors into the #XXXX discriminator at the end of a subject's username. I also added a fancy GIF created with my favorite GIF creation tool, ShareX. Also, I added another line in the language asking for historical usernames and discriminators for a specified account Awards - added links to each respective award…
Read More
02 Feb 2020
By Devon

AboutDFIR Content Update 2/2/2020

Greetings! Yet another AboutDFIR Content Update:  Certifications & Training - added KAPE certification course listing and corrected a few errors within the data table Social Media - added a link to Metaspike Community Tool Testing - added a link to new memory images courtesy of Alissa Torres (@sibertor) Tools & Artifacts - iOS - added new blog post entries Tools & Artifacts - Windows - added new blog post entries Tools & Artifacts - Android…
Read More
28 Jan 2020
By Devon

AboutDFIR Content Update 1/28/2020

Greetings! The site continues to evolve as detailed below:  Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - lots of new entries added including Sarah Edwards' fantastic mac4n6 blog posts Lots of data table standardization has taken place with better consistency in column titles across all pages Awards - added headings for the two awards to increase readability on mobile and in general Home Page - RSS feed link…
Read More
24 Jan 2020
By Devon

AboutDFIR Content Update 1/24/2020

Happy Friday! The site continues to evolve as detailed below:  Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows, Linux, MacOS - Velociraptor hands-on video added Jobs - new jobs are being posted on an almost daily basis Challenges & CTFs - added links to and solutions for every SANS Holiday Hack Challenge in the 2010s as well as a few other new challenges Tools & Artifacts - DVR/Multimedia - new…
Read More
15 Jan 2020
By Devon

AboutDFIR Content Update 1/15/2020

Greetings! The site continues to evolve as detailed below:  Home Page - added a Featured Page of the Month. Look for this to update on or around the beginning of each month for a new featured article Tools & Artifacts - iOS - added Checkm8 and Checkra1n Cellebrite Webinar to the data table as well as a link to iDevice firmware downloads Certifications & Training - updated Belkasoft's training offerings Password Cracking - added PDFCrack…
Read More
12 Jan 2020
By Devon

AboutDFIR Content Update 1/12/2020

Greetings! The site continues to evolve as detailed below:  Home Page - a favicon has been added to the site  Tool Testing - added a blurb about Arsenal Image Mounter for mounting forensic images Social Media - added a few more subreddits relevant to the DFIR world Men of #DFIR/Women of #DFIR - new entries added and old ones removed Submit a Job - added a link to the beginning of the job submission process…
Read More
04 Jan 2020
By Devon

AboutDFIR Content Update 1/4/2020

Greetings! First update of the year/decade below:  Forensic Terms - added the definition for Firehose Programmers per a request from the Digital Forensics Discord Server Men of #DFIR - multiple new entries added Tool Testing - new entries added Challenges & CTFs - lots of old entries removed, new entries added, Walkthrough column added and entries added for challenges that have walkthroughs I'm continuing to chip away at the to-do list as well as keeping…
Read More
30 Dec 2019
By Devon

AboutDFIR Content Update 12/30/2019

Greetings! The last update of the decade is detailed below: Men of #DFIR - new entries added Instagram - added Search Warrant and Preservation Letter template language for Instagram Mobile Devices/Computers - added Search Warrant and Preservation Letter template language for Mobile Devices/Computers Every data table should now be mobile friendly with collapsing columns to fit the respective width of your mobile devices. If there are any that aren't translating well on the mobile experience,…
Read More
18 Dec 2019
By Devon

AboutDFIR Content Update 12/18/2019

Greetings! Lots of updates detailed below: Tool Testing - this is a new page that was added to organize all links to sites that host forensic images that can be used for tool validation. Many of the links were taken from Challenges & CTFs so now their new home is here Tools & Artifacts - Windows - a few new resources were added here that I learned about in a recent Magnet Forensics class (AX250)…
Read More
17 Dec 2019
By Devon

Jailbreaking – Checkra1n Configuration

In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8 is doing prior to the device booting. Additionally, you do this at your own risk. Just because it works on one device does not mean it'll work on…
Read More
16 Dec 2019
By Devon

Pattern of Life – Tracking Through Mobile Applications

So getting back into blogging finally! Thanks for hanging in there with me.  Unlike my last posts, time to roll up the sleeves and try to make this community better from a technical perspective. To do that, I've decided to look at individual applications from iOS (first) so I can see what we are looking at. This is most important to me, because as we all know, our tools will lie to us if we…
Read More
12 Dec 2019
By Devon

AboutDFIR Content Update 12/12/2019

Greetings! The latest changes are detailed below: Challenges & CTFs - new CTFs have been added Jobs - there's been multiple new postings In other news, I passed the GCFE after a few months of studying! I now have more free time available to work on my ever-growing to-do list for this site. Next on the list is to go through the painstaking process of standardizing the layout of all data tables on the site.…
Read More
06 Dec 2019
By Devon

AboutDFIR Content Update 12/6/2019

Greetings! The site continues to evolve and grow: Tools & Artifacts - Windows - added a few tools and links to videos/blog posts to the data table, removed empty entries Videos/Webinars - added a few new YouTube channels Preservation Letter/Search Warrant Templates - Facebook - I updated quite a bit of this page to cater it more to Facebook since their portal requires a different process than most other companies Jobs - there's been multiple…
Read More
02 Dec 2019
By Devon

AboutDFIR Content Update 12/2/2019

Greetings! More changes happening with plenty more to come: Every hyperlink on the site now should be in blue text to make it easier to distinguish between regular black text. I know for me this is a very welcome change! The home page menus have gone through an extensive reorganization and will continue to be refined until we're at a logical resting point. Look for some pages to be merged with others as content grows.…
Read More
27 Nov 2019
By Devon

AboutDFIR Content Update 11/27/2019

Greetings! There's been some new additions to the site that I am excited to share and expand upon as time goes on. Without further ado: Preservation Letter/Search Warrant Templates - This is a new section on the site that I look to flesh out quite a bit as time goes on and needs arise. If anyone has any preservation letter/search warrant language they need, please let us know! Alternatively, if there's some language that has…
Read More
25 Nov 2019
By Devon

AboutDFIR Content Update 11/25/2019

Greetings! I added a couple new pages to the site so I wanted to share the news with a quick blog post: Cell Tower Mapping - I've added some resources to this page that was useful to me when I was a Detective. I hope others can find them useful, as well Password Cracking - I've added links to multiple password lists as well as the Hashcat Wiki. Everyone should poke around rockyou.txt and see…
Read More
22 Nov 2019
By Devon

AboutDFIR Content Update 11/22/2019

Happy Friday, all! Yet another minor update that I wanted to be brought to everyone's attention: Tools & Artifacts - Android - added links to Scott Lorenz's groundbreaking and informative EDL Mode guides: Mastering EDL Mode and Mastering EDL Test Points Social Media - added link to 13Cubed's YouTube channel which has many useful videos relating to various sub-disciplines of Digital Forensics including but not limited to Linux, Windows, Hashcat, Memory Forensics, etc. Also added…
Read More
19 Nov 2019
By Devon

AboutDFIR Content Update 11/19/2019

Happy Tuesday, all! Minor update today so this will be another short one: Tools & Artifacts - Windows - more blogs posts for new and existing artifacts.  Tools & Artifacts - iOS - more blogs posts for new and existing artifacts.  Tools & Artifacts - OS X - more blogs posts for new and existing artifacts. AboutDFIR Home Page - site title has been updated so blog feeds should now read as AboutDFIR - The…
Read More
17 Nov 2019
By Devon

AboutDFIR Content Update 11/17/2019

Happy Sunday, all! Minor update today so this will be a short one: Tools & Artifacts - Windows - more blogs posts for new and existing artifacts.  Tools and Artifacts - File Systems - added a couple blog posts to start out. More to come in due time. AboutDFIR Home Page - a couple broken links have been updated.  Cheers, Andrew
Read More
16 Nov 2019
By Devon

AboutDFIR Content Update 11/16/2019

Today's update is about fixing some readability issues on mobile devices with the data tables. I went through the entire site A-Z on my Google Pixel 2 XL to identify mobile readability issues and I think I've fixed them all. As a result, the following pages have been updated to provide a much more pleasant mobile experience: Tools & Artifacts - Android Tools & Artifacts - File Systems Tools & Artifacts - iOS Tools &…
Read More
15 Nov 2019
By Devon

AboutDFIR Content Update 11/15/2019

Happy Friday everyone! Expect a higher tempo of posts from me regarding site content updates. As long as I change something on the site on a given day, I will make a quick blog post about it. This will allow me to keep everyone abreast on all the changes occurring on this site and to ensure everyone is aware of what information is being updated in a more timely manner. I will start with the…
Read More
10 Nov 2019
By Devon

Just Another AboutDFIR Content Update

I hope everyone is having a great weekend! This has always been one of my favorite times of the year as a Veteran and (former) Marine. Today is the USMC's 244th birthday and tomorrow is Veteran's Day! For those who fall into my very same demographic, this is a great couple of days for us to celebrate and reflect. I am looking forward to celebrating those who've served before me and remembering all the sacrifices…
Read More
09 Oct 2019
By Devon

An Overview of Recent and Future Content Updates

Happy Wednesday to everyone! We are halfway to the weekend and with that I bring to light some updates the site has experienced since I've joined the AboutDFIR team. Again, I'd like to thank Devon Ackerman for giving me the opportunity to contribute to a site in which I've long admired from afar. The Scholarships page has been updated with many new scholarships for DFIR students. I've also added an expiration date column so both…
Read More
22 Sep 2019
By Devon

281 Arrested Worldwide in Coordinated International Enforcement Operation Targeting Hundreds of Individuals in Business Email Compromise Schemes

Federal authorities announced today a significant coordinated effort to disrupt Business Email Compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals, including many senior citizens.  Operation reWired, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, U.S. Postal Inspection Service, and the U.S. Department of State, was conducted over a four-month period, resulting in 281 arrests…
Read More
20 Sep 2019
By Devon

New AboutDFIR Contributor

Greetings all, my name is Andrew Rathbun. For more about my background, see my entry on this page. I am excited to be given the opportunity to contribute to AboutDFIR as it is a project I have admired from afar for as long as I knew of its existence. This compendium is akin to something I would create myself had it not already existed. A compendium of this magnitude caters to my interests as a…
Read More
02 Sep 2019
By Devon

InfoSec News Nuggets 9/02/2019

Another convincing deepfake app goes viral prompting immediate privacy backlash Zao, a free deepfake face-swapping app that’s able to to place your likeness into scenes from hundreds of movies and TV shows after uploading just a single photograph, has gone viral in China. Bloomberg reports that the app was released on Friday, and quickly reached the top of the free charts on the Chinese iOS App Store. And like the FaceApp aging app before it, the creators of Zao are now…
Read More
30 Aug 2019
By Devon

InfoSec News Nuggets 8/30/2019

NIST Wants Insight on Combatting Telehealth Cybersecurity Risks The National Institute of Standards and Technology wants to hear from vendors who can deliver technical expertise and products that can help secure health organizations’ telehealth capabilities.  According to a notice set to be published in the Federal Register Thursday, the agency wants vendors to provide insight and demonstrations to support the National Cybersecurity Center of Excellence’s health care sector-specific use case, “Securing Telehealth Remote Patient Monitoring Ecosystem.” “This notice…
Read More
29 Aug 2019
By Devon

InfoSec News Nuggets 8/29/2019

1 A new IOT botnet is infecting Android-based set-top boxes A new IoT botnet named Ares is infecting Android-based devices that have left a debug port exposed on the Internet. Among this botnet's most common victims are Android set-top boxes manufactured by HiSilicon, Cubetek, and QezyMedia, cyber-security firm WootCloud said today. The attacks aren't using a vulnerability in the Android operating systems, but are exploiting a configuration service that has been left enabled and unprotected…
Read More
28 Aug 2019
By Devon

InfoSec News Nuggets 08/28/2019

1 Senators Question NHTSA on Risks of Connected Vehicles Two United States senators have sent a letter to the National Highway Traffic Safety Administration (NHTSA) to inquire about cyber-risks associated with connected vehicles. In their letter, Senator Edward J. Markey (D-Mass.) and Senator Richard Blumenthal (D-Conn.), members of the Commerce, Science and Transportation Committee, also expressed concerns regarding the lack of publicly available information on the cyber-vulnerabilities associated with these automobiles. The letter (PDF) also asks NHTSA…
Read More
27 Aug 2019
By Devon

InfoSec News Nuggets 08/27/2019

1 Hostinger Security Breach Impacts 14M Customers Web hosting company Hostinger suffered a security breach on Aug. 23 that allowed an unauthorized third-party to gain access to its internal systems. As TechCrunch reports, the server contained the company's internal system API and associated database which held customer usernames, email addresses, first names, IP addresses, and hashed passwords. The passwords were protected with the SHA-1 algorithm, but that has been proven to be vulnerable to attack.…
Read More
26 Aug 2019
By Devon

InfoSec News Nuggets 08/26/2019

1 Peripheral Maker Fanatec Hacked, Customer Details Stolen If you've ever been in the market for a high-end gaming controller, racing wheel, or pedals, chances are peripheral maker Fanatec was on your radar. Purchasing directly from Fanatec turned out to be a bad idea, though, as your personal details are probably in the hands of hackers. As Kotaku reports, Fanatec CEO Thomas Jackermeier sent out an email yesterday to all customers informing them that, "our online shop of…
Read More