20 Nov 2021
By Cassie Doemel

AboutDFIR Site Content Update 11/20/21

Hope everyone has a fantastic weekend and if you celebrate, hope you have a Happy Thanksgiving! Jobs - new entries added  Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: In case you missed it, SANS Pen Test HackFest Summit & Training 2021 link board is complete.…
Read More
06 Nov 2021
By Cassie Doemel

AboutDFIR Site Content Update 11/6/21

First update of November!  Jobs - new entries added - added expiration column Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Looking forward to attending SANS Pen Test HackFest Summit & Training 2021 - Live Online. The free virtual summit portion is November 15 & 16…
Read More
23 Oct 2021
By Cassie Doemel

AboutDFIR Content Update 10/23/21

End of October update! Jobs - new entries added - added expiration column Annual Industry Reports - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Looking forward to attending SANS Pen Test HackFest Summit…
Read More
09 Oct 2021
By Cassie Doemel

AboutDFIR Content Update 10/09/2021

Over the last year with the new virtual options for SANS Summits, I've started attending a few and each time I've saved the links I could from the Slack before it goes down at night. Yesterday was the last day of the SANS Threat Hunting Summit so I have a new start.me board full of links for you to view if you're interested! SANS Threating Hunting Link List. Just a few site updates this round!…
Read More
25 Sep 2021
By Cassie Doemel

AboutDFIR Content Update 9/25/2021

I've been crawling through some of the older content on AboutDFIR and making some updates. If there's something you think needs more immediate attention, don't hesitate to throw a note in the site feedback form and I can start there. Annual Industry Reports - new entries added Law Enforcement Opt-Out Guide - new entries and updates Tools & Artifacts - Windows - new entries added, old entries updated AboutDFIR stickers are a thing! If you're…
Read More
11 Sep 2021
By Cassie Doemel

AboutDFIR Content Update 9/11/2021

Cassie bringing the update this week! I'm immersing myself in the DFIR world so it made sense to couple that up with some research and doing the Site Update was a perfect excuse to make it happen. On September 21st, Josh Mitchell and Andrew will be putting on a Webinar regarding the new DFIR artifact they've been researching called EventTranscript.db. Register for the webinar here! As always, you can find Andrew and his work on…
Read More
26 Aug 2021
By Andrew Rathbun

AboutDFIR Content Update 8/26/2021

The Forensic 4:cast Awards update is here: Jobs - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like:   My colleague Josh Mitchell and I will be putting on a Webinar regarding the new DFIR…
Read More
08 Aug 2021
By Andrew Rathbun

AboutDFIR Content Update 8/8/2021

A huge backend update to AboutDFIR has arrived: Migration of all data tables on the site from WPDataTables to TablePress Main benefit: data within the tables are now searchable sitewide! As a result, most tables were refined in some form or another Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If…
Read More
26 Jul 2021
By Andrew Rathbun

AboutDFIR Content Update 7/26/2021

The Forensic 4:cast Awards update is here: Awards - updated for 2020 Awards that just occurred as well as adjusted years to be more accurate Certifications & Training - new entries added Tools & Artifacts - Windows - new entries added Tool Testing - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards were last week. AboutDFIR…
Read More
17 Jul 2021
By Andrew Rathbun

AboutDFIR Content Update 7/15/2021

AboutDFIR's mid-July update arrives: Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards voting period is open! Please be sure to vote for AboutDFIR if you feel we've served you well in 2020!…
Read More
02 Jul 2021
By Andrew Rathbun

AboutDFIR Content Update 7/2/2021

The first update of July arrives: Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia- new entries added Tools & Artifacts - File Systems - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards…
Read More
19 Jun 2021
By Andrew Rathbun

AboutDFIR Content Update 6/19/2021

Lots of Windows artifact updates this week: Tools & Artifacts - DVR/Multimedia- new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards voting period is open! Please be sure to vote for AboutDFIR if you feel we've served you well in 2020! Vote here! I've been continuing lots of…
Read More
05 Jun 2021
By Andrew Rathbun

AboutDFIR Content Update 6/5/2021

The first update of June awaits: Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia- new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Sorry for the delay in posting.…
Read More
08 May 2021
By Andrew Rathbun

AboutDFIR Content Update 5/8/2021

The first update of May awaits: Tools & Artifacts - Android - new entries added Tools & Artifacts - Linux - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards are open for the year 2020. If you feel that AboutDFIR served you well in 2020, we would…
Read More
19 Apr 2021
By Andrew Rathbun

AboutDFIR Content Update 4/19/2021

Yet another AboutDFIR update: KAPE Guide - new links added Timeline Explorer Guide - new links added Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards are open for the year 2020. If…
Read More
10 Apr 2021
By Andrew Rathbun

AboutDFIR Content Update 4/10/2021

The first update of April is below: Awards - updated with info about the Forensic 4:cast Awards for 2021 Certifications & Training - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us…
Read More
27 Mar 2021
By Andrew Rathbun

AboutDFIR Content Update 3/27/2021

The "I can't believe March is almost over already" update: Awards - updated with info about the Forensic 4:cast Awards for 2021 Certifications & Training - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The 2021 Forensic 4:cast Awards are open for the year 2020. If you feel that AboutDFIR served you…
Read More
12 Mar 2021
By Andrew Rathbun

AboutDFIR Content Update 3/12/2021

The "I can't believe March is halfway over already" update: Annual Industry Reports - lots of new entries added Tool Testing - new images for macOS and iOS 14 from Josh Hickman Tools & Artifacts - Android - new entries added Tools & Artifacts - File Systems - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If…
Read More
21 Feb 2021
By Andrew Rathbun

AboutDFIR Content Update 2/21/2021

The second AboutDFIR update of February 2021 is here: Tool Testing - new images for macOS and iOS 14 from Josh Hickman Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Not a lot of sections of the site updated this week, but lots of new, useful content added within those two sections. Check them out!…
Read More
29 Jan 2021
By Andrew Rathbun

AboutDFIR Content Update 1/29/2021

Yet Another AboutDFIR Update: Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I've been continuing lots of work on GitHub to help improve the KAPE, RECmd, and EVTXECmd…
Read More
12 Jan 2021
By Andrew Rathbun

AboutDFIR Content Update 1/12/2021

The first update of 2021 is here: KAPE Guide - added links to KAPE Target Guide and Template Tools & Artifacts - Android - new entries added Tools & Artifacts - File Systems - new entries added Tools & Artifacts - iOS - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: For those who use Eric Zimmerman's Tools, make sure you're…
Read More
31 Dec 2020
By Andrew Rathbun

AboutDFIR Content Update 12/31/2020

Happy (almost) New Year and with that, the last update of 2020: Annual Industry Reports - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: 2020 was an awesome year for AboutDFIR. We saw the…
Read More
18 Dec 2020
By Andrew Rathbun

AboutDFIR Content Update 12/18/2020

Likely the last site update post of the year: Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added Tools & Artifacts - Linux - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: This week saw the release of the MFT Explorer/MFTECmd Guide. Check…
Read More
17 Dec 2020
By Andrew Rathbun

Introducing AboutDFIR’s MFT Explorer/MFTECmd Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used MFT Explorer/MFTECmd before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The MFT Explorer/MFTECmd Guide comes on the heels of the previous guides I put together recently: KAPE, Timeline Explorer, and Registry Explorer/RECmd. All guides,…
Read More
05 Dec 2020
By Andrew Rathbun

AboutDFIR Content Update 12/5/2020

After a short break, we're back: Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I finally put the GCFA behind me and thankfully I passed! I will be…
Read More
21 Nov 2020
By Andrew Rathbun

AboutDFIR Content Update 11/21/2020

After a short break, we're back: Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - File Systems- new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I finally put the GCFA behind me and thankfully I passed! I will be…
Read More
07 Nov 2020
By Andrew Rathbun

AboutDFIR Content Update 11/7/2020

Happy November! A short update this week: Tools & Artifacts - File Systems- new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I am going to be taking my GCFA in a couple weeks so updates may be sparse between now and then. Once I (hopefully) pass the GCFA, look for an update…
Read More
31 Oct 2020
By Andrew Rathbun

AboutDFIR Content Update 10/31/2020

Happy Halloween! A summary of recent updates: KAPE - various updates/fixes Timeline Explorer - various updates/fixes Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: My guide for Registry…
Read More
23 Oct 2020
By Andrew Rathbun

AboutDFIR Content Update 10/23/2020

Greetings! A relatively small update this week: Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Check out Devon Ackerman's recent appearance on the Forensic Happy Hour with Lee Reiber here! My guide for Registry Explorer/RECmd went up earlier this month! Check it out here as well as my KAPE and Timeline Explorer guides. Look for…
Read More
16 Oct 2020
By Andrew Rathbun

AboutDFIR Content Update 10/16/2020

Greetings! Another week, another content update: Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tool Testing - added Josh Hickman's new Android 11 image AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Check out Devon Ackerman's appearance on the Forensic Happy Hour with Lee Reiber here! My guide for Registry Explorer/RECmd has been posted!…
Read More
07 Oct 2020
By Andrew Rathbun

AboutDFIR Content Update 10/7/2020

Greetings! Another week, another content update: Tools & Artifacts - Tools - Registry Explorer/RECmd- new guide added! Tools & Artifacts - iOS - new entries added Tools & Artifacts - Linux - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put together an AboutDFIR LinkedIn page AND a Digital Forensics Discord…
Read More
06 Oct 2020
By Andrew Rathbun

Introducing AboutDFIR’s Registry Explorer/RECmd Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used Registry Explorer/RECmd before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The Registry Explorer/RECmd Guide comes on the heels of the previous guides I put together recently: KAPE and Timeline Explorer . All guides, current…
Read More
30 Sep 2020
By Andrew Rathbun

AboutDFIR Content Update 9/30/2020

Greetings! Yet another content update: Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put together an AboutDFIR LinkedIn page AND a Digital Forensics Discord Server LinkedIn page. Please follow both if you want to stay…
Read More
24 Sep 2020
By Andrew Rathbun

AboutDFIR Content Update 9/24/2020

Greetings! Yet another content update: Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put together an AboutDFIR LinkedIn page AND a Digital Forensics Discord Server LinkedIn page recently. Please follow both if you want to…
Read More
16 Sep 2020
By Andrew Rathbun

AboutDFIR Content Update 9/16/2020

Greetings! Yet another content update: Challenges & CTFs - complete revamping! Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots of animated GIFs to paint a better picture on how to use…
Read More
07 Sep 2020
By Andrew Rathbun

AboutDFIR Content Update 9/7/2020

Greetings! Yet another content update: Social Media - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline…
Read More
05 Sep 2020
By Andrew Rathbun

Join Devon Ackerman on Cache Up

Cache Up is a series ran by Jessica Hyde of Magnet Forensics. Our very own Devon Ackerman will be featured on the Tuesday, September 8th episode at 1100 hours EST. If you can't make it live, then watch the recording on the Magnet Forensics YouTube channel in the Cache Up playlist. See you there! EDIT: Link is now posted here.
Read More
02 Sep 2020
By Andrew Rathbun

AboutDFIR Content Update 9/2/2020

Greetings! Another content update: Tools & Artifacts - iOS - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots of animated GIFs to paint a better picture on how…
Read More
02 Sep 2020
By Andrew Rathbun

Introducing the AboutDFIR LinkedIn Page!

This has been a long time coming but there now is an AboutDFIR LinkedIn page for you to follow for the latest blog posts, pages, and new DFIR content! We look forward to connecting with you. Speaking of keeping up to date, don't forget the AboutDFIR RSS Starter Pack exists! Keep up to date with all the most relevant DFIR newsfeeds all in once place!
Read More
26 Aug 2020
By Andrew Rathbun

AboutDFIR Content Update 8/26/2020

Greetings! Short content update this week: Jobs - lots of new jobs added KAPE - fixed potentially broken links in Table of Contents Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots…
Read More
21 Aug 2020
By Andrew Rathbun

AboutDFIR Content Update 8/21/2020

Greetings! Short content update this week: Jobs - lots of new jobs added KAPE - added new links, refined a few details, etc AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots of animated GIFs to paint a better picture on how to use it! Check it out here. Also,…
Read More
19 Aug 2020
By Andrew Rathbun

Introducing AboutDFIR’s Timeline Explorer Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used Timeline Explorer before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. This guide for Timeline Explorer comes on the heels of last month's release of the KAPE Guide. It can also be currently located in…
Read More
15 Aug 2020
By Andrew Rathbun

AboutDFIR Content Update 8/15/2020

Greetings! Short update this week: Jobs - lots of new jobs have been posted lately Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers KAPE in great detail with lots of animated GIFs to paint a better picture on…
Read More
08 Aug 2020
By Andrew Rathbun

AboutDFIR Content Update 8/8/2020

Greetings! Short update this week: Jobs - lots of new jobs have been posted lately Tools & Artifacts - iOS - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers KAPE in great detail with lots…
Read More
31 Jul 2020
By Andrew Rathbun

AboutDFIR Content Update 7/31/2020

Greetings! Short update this week: Jobs - lots of new jobs added Tools & Artifacts - iOS - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers KAPE in great detail with lots of animated GIFs to paint a better picture on how to use it! Check it out here. Also, if you're not…
Read More
23 Jul 2020
By Andrew Rathbun

AboutDFIR Content Update 7/23/2020

Greetings! Yet another content update: Awards - page updated to reflect 2020 Forensic 4:cast Awards results Social Media - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that…
Read More
18 Jul 2020
By Andrew Rathbun

AboutDFIR Content Update 7/18/2020

Greetings! A smaller update this week:  Annual Industry Reports - new entries added Tools and Artifacts - menu section reworked in preparation for upcoming additions to the site AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The Forensic 4:cast Awards' were presented today and the community voted the Digital Forensics Discord Server as DFIR Resource of the Year! Thank you to all the support…
Read More
08 Jul 2020
By Andrew Rathbun

AboutDFIR Content Update 7/8/2020

Greetings! A smaller update this week:  Tools & Artifacts - macOS - new entries added Tools & Artifacts - Linux - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: REMINDER! The 2020 SANS DFIR Summit is FREE! Register here! It starts next week so don't miss out. The Forensic 4:cast Awards' will be presented at the end of the 2nd day…
Read More
02 Jul 2020
By Andrew Rathbun

AboutDFIR Content Update 7/2/2020

Greetings! Yet another content update:  AboutDFIR RSS Starter Pack - v2 released with new feeds! Tools & Artifacts - Windows - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: REMINDER! The 2020 SANS DFIR Summit is FREE! Register here! The Forensic 4:cast Awards'…
Read More