SOF-ELK and Integration with KAPE

Amazing how fast time flies when you're juggling so much during the trying times we have all had since 2020! At the time of publishing this article, we are all still facing a lot of uncertainties. I hope time has been gracious to you all...and continues to be!  Why this post?  As we push through some very trying times in the Digital Forensic and Incident Response world, there are two things I've experienced…

DFIR Without Certs – What Books Can Help You

This has been an absolutely long time coming from me, I think! The reason for this is that during the crazy times we currently live in here in 2020, this is probably something I should have worked on much earlier to give folks a bit of a leg up on some reading material. Coming full circle, I feel this is something that really needs to be updated within our field. One of the few places where…

Jailbreaking – Checkra1n Configuration

In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8 is doing prior to the device booting. Additionally, you do this at your own risk. Just because it works on one device does not mean it'll work on…

Pattern of Life – Tracking Through Mobile Applications

So getting back into blogging finally! Thanks for hanging in there with me.  Unlike my last posts, time to roll up the sleeves and try to make this community better from a technical perspective. To do that, I've decided to look at individual applications from iOS (first) so I can see what we are looking at. This is most important to me, because as we all know, our tools will lie to us if we…

Magnet User Summit 2019 Impressions

I wanted to make a quick note to start the blogging back up again (yes, I know -- don't judge me!) by discussing a recent Digital Forensics Summit that took place during the first week of April here in the United States. While there is some bias to this since both Devon and myself did present at the Summit, there is in no way, shape or form any endorsement or payment from Magnet for what…

SANS SEC401 – Comprehensive Review

To get started in InfoSec, one must drink from the fire hose eventually.  First, I want to apologize for the very late posts over the last month or so. My life has been a little chaotic bouncing between a few different things, and I went on holiday for a few weeks and was told no laptop :). But alas. For this post, I wanted to jump into something that has been very near and…

Dissecting Official Reddit App, What Your Tools Don’t Tell You

Sometimes, Some Light Reversing is in Order! Reddit in general: So this is probably not new to many of the readers of this blog, but Reddit is kind of a big deal at this moment in its lifespan. For those who do not know, though, Reddit is a social media platform that touts itself as the "Frontpage of the Internet."  What makes this social media platform so much different than, say, Facebook or Twitter -- is…

Reddit, Let's Talk About It

Sorry for the very long delay. Between heading out to DC to TA/moderate the FOR585 class and work, it has been very chaotic! No excuse, but just very busy. One thing, though, that I have been working on has been reversing the Reddit app that came out about a year or so ago. Now, what really drew me to this is that I'm not seeing a lot of support from the main forensic tools out there…

So You Want to Get into DFIR? Social Media Edition

Posting 365 days straight is definitely a lot harder of a challenge than you would think! Even with scheduling, time just gets away from you. With this blog, I wanted to at least give my own opinion on something that could have some grave consequences for you as a DFIR specialist: social media. This was inspired by a post I saw on LinkedIn from a colleague who is a Senior Forensic Examiner within the public…

So You Want to Get into DFIR? Private Sector Edition

So you've decided that the public sector is just not for you. Nothing wrong with that! We just need to work on getting you ready for different suits. This is a different animal altogether! If you have a love for white-collar issues, you'll see there is no end to the work you can do. If you love threat hunting, this will be a joy! What am I going to work on?  This is going to…

So You Want to Get into DFIR? Public Sector Edition

So you've decided to go into the public sector for your Digital Forensics job? That is, you've passed the rigorous background checks and the long-awaited clearance background investigation if you're going to a Federal entity. Awesome! What you'll probably see is that you'll already have some sort of training program put into place to get you going. On top of that, you'll be working closely with folks who have "seen it all, done it all"…

So you want to get into DFIR?

For this week, I felt the need to touch on things for those who are looking for their pathway into InfoSec, particularly Digital Forensics & Incident Response.  So this will be a multi-part posting through the week, with each day covering a different aspect. My hope is that those who are looking to get into it will get something out of it, and those within it may consider some things they had not yet...especially if…

Preparing for a GIAC Test….This is not the CISSP

I'm late for the day! Largely because my city's "summer festival" was last night and I was out with friends, so blame them...not me :) This is a topic that has been touched on by others, such as my good friend Lesley in her article with respect to making a good index for a GIAC exam. Lesley's template is still something I use, only over the course of my cert attempts I've tweaked it ever so…

Command Line or: How I learned to stop relying on GUI interfaces and love the syntax

So this is a little later than I thought I would post this, but life gets in the way! This is something very near and dear to me for a specific reason: my mentor was extremely anti-GUI software. Not because he didn't understand it (although he was about as G-Man as you could imagine), but because he felt that to really understand the data, you needed to get into the weeds. Most vendor software out there…

Playing Nice in the Sandbox Together

Tell me how many of these you've heard of: Blue Team, Red Team, Purple Team, Green Team, Sprinkles Team ...okay, that last one I just made up. Also, why doesn't DFIR ever have its own "team?" I'm not going to explain them all to you, but yes, these are in fact terms describing the many facets of IT Security in some way. In the mil days, they were a way of distinguishing who would…

Travel: It Is Not Just For Airline Status Pt. 2

In my last post, we were merely discussing things at the very pre-planning stages. While much of that was most likely already known by the masses, it is still very important information for anyone who has never traveled abroad for business before. It is a different animal than when you do it for personal leisure. To continue, we are going to look at what is in my carry-on bag when I am…

Travel: It Is Not Just For Airline Status Pt. 1

I elected to make this my first "real" posting, not only to elaborate on the amazing work of my friend Lesley's post back in November, but also to provide my insight as someone who does it quite a bit. First, I'm not going into the "do's and don'ts" of a particular region or how to have proper OPSEC. Your security folks should be properly preparing you if you're going to austere conditions...not a blog. I will…

So, who am I?

Many are probably wondering who I am and if this is worth their time. My hope is that it will be! To start, I won't go into my background too much...if you want to know it, you'll probably be able to ask around to put the pieces together. Also, I'm not the kind of person who thinks degrees and certs make the person. Do I have those? Yes, I do. We will leave…

Removing the Cloak

So I was basically challenged into starting up a blog as a way of giving back to the community. This was largely pushed by many of the SANS instructors within the digital forensics curriculum, as there is a large gap within the field as a whole. Coming from my previous employer, this was just something that couldn't be done. We were always pushed to err on the side of caution while conducting any activity online, as…