Uncategorized

Tools & Artifacts - Windows - new entries added - Program Compatibility Assistant, Security:4624 (Win11), and Notepad++ Tools & Artifacts - iOS- new entries added - Apple Watch Data and Continuity/Cellular Relay Tools & Artifacts - Android - new entry added - TikTok Annual Industry Reports - new entry added - Google Threat Report Jobs - old entries cleaned up, new entries added -Fortinet, Nissan, American Express, Verizon, Marriott, Synchrony, Tyson Foods, and FanDuel AboutDFIR…

DDoS-for-hire service provider jailed Matthew Gatrel, a 33-year-old man from St. Charles, Illinois, has been sentenced to two years in prison for running websites that provide powerful distributed denial-of-service (DDoS) attacks against internet users and websites. This sentencing resulted in the seizure of his websites, making the internet a little safer from DDoS attacks. Gatrel was the administrator and owner of DownThem.org and AmpNode.com, two DDoS-for-hire websites with thousands of clients which launched attacks against more than 200,000 targets. He was convicted of three…

The first AboutDFIR update of February 2021 is here: Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I've been continuing lots of work on GitHub to help improve…

I’m overdue for an update, so here we go!  I came across some pretty cool stuff recently.  I know I’ve said this before, but it really is a fantastic time to be involved in DFIR! Nick Caldwell won me over with the very first article of his I came across, and he hasn’t disappointed me since!  He’s such a solid force of wisdom: https://hackernoon.com/the-worst-career-advice-i-ever-received-54aaf2a50c93 https://medium.com/@nickcaldwell/latest @NickCald Unless you live in a cave, you probably already knew this, but Eric…

Sorry for the very long delay. Between heading out to DC to TA/Moderate the FOR585 class and work, it has been very chaotic! No excuse, but just very busy. One thing though that I have been working on has been reversing the Reddit App that came out about a year or so ago. Now, what really drew me to this is I'm not seeing a lot of support from the main forensic tools out there…

So you've decided that public sector is just not for you. Nothing wrong with that! We just need to work on getting you ready for different suits. This is a different animal all together! If you have a love for white collar issues, you'll see there is no end to the work you can do. If you love threat hunting, this will be a joy! What am I going to work?  This is going to…

So this is a little later than I thought I would post this, but life gets in the way! This is something very near and dear to me for a specific reason, my mentor was extremely anti GUI software. Not because he didn't understand (although he was about as G-Man you could imagine), but because he felt that to really understand the data, you needed to get into the weeds. Most vendor software out there…

Tell me how many of these you've heard of: Blue Team, Red Team, Purple Team, Green Team, Sprinkles Team ...okay that last one I just made up. Also, why doesn't DFIR ever have its own "team?" I'm not going to explain them all to you, but yes, these are in-fact terms of explanation of the many facets of IT Security in some way. In the mil days, they were a way of distinguishing who would…

Many are probably wondering who I am and if this is worth their own time. My hope is that it will be! To start, I won't go into my background too much...if you want to know it you'll probably be able to ask around to put the pieces together. Also, I'm not of the kind of person who thinks degrees and certs make the person. Do I have those? Yes, I do. We will leave…

So I was basically challenged into starting up a blog in relation to giving back to the community. This was largely pushed by many of the SANS instructors within the digital forensics curriculum as there is a large gap within the field as a whole. Coming from my previous employer, this was just something that couldn't be done. We are always pushed to err on the side of caution while conducting any activity online as…

This year, I have been nominated by the #DFIR industry for two categories of the Forensic 4:Cast awards (https://forensic4cast.com/). Please vote for Devon Ackerman as "Digital Forensic Investigator of the Year" and vote for this website, AboutDFIR.com, for "Digital Forensic Resource of the Year" for 2018. Regardless of who you cast your Forensic 4:cast 2018 votes for, please consider joining Mary Ellen and I in Austin, Texas at the SANS conference to celebrate no matter…