AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

AboutDFIR Blog Posts Archive

AboutDFIR Content Update 10/16/2020

Greetings! Another week, another content update: Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tool Testing - added Josh Hickman's new Android 11 image AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: Check out Devon Ackerman's appearance on the Forensic Happy Hour with Lee Reiber here! My guide for Registry Explorer/RECmd has been posted!…
AboutDFIR Content Update 10/7/2020

Greetings! Another week, another content update: Tools & Artifacts - Tools - Registry Explorer/RECmd- new guide added! Tools & Artifacts - iOS - new entries added Tools & Artifacts - Linux - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put together an AboutDFIR LinkedIn page AND a Digital Forensics Discord…
Introducing AboutDFIR’s Registry Explorer/RECmd Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used Registry Explorer/RECmd before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The Registry Explorer/RECmd Guide comes on the heels of the previous guides I put together recently: KAPE and Timeline Explorer. All guides, current…
AboutDFIR Content Update 9/30/2020

Greetings! Yet another content update: Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put together an AboutDFIR LinkedIn page AND a Digital Forensics Discord Server LinkedIn page. Please follow both if you want to stay…
AboutDFIR Content Update 9/24/2020

Greetings! Yet another content update: Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put together an AboutDFIR LinkedIn page AND a Digital Forensics Discord Server LinkedIn page. Please follow both if you want to…
AboutDFIR Content Update 9/16/2020

Greetings! Yet another content update: Challenges & CTFs - complete revamping! Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots of animated GIFs to paint a better picture on how to use…
AboutDFIR Content Update 9/7/2020

Greetings! Yet another content update: Social Media - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline…
Join Devon Ackerman on Cache Up

Cache Up is a series run by Jessica Hyde of Magnet Forensics. Our very own Devon Ackerman will be featured on the Tuesday, September 8th episode at 1100 hours EST. If you can't make it live, then watch the recording on the Magnet Forensics YouTube channel in the Cache Up playlist. See you there! EDIT: Link is now posted here.
AboutDFIR Content Update 9/2/2020

Greetings! Another content update: Tools & Artifacts - iOS - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots of animated GIFs to paint a better picture on how…
Introducing the AboutDFIR LinkedIn Page!

This has been a long time coming but there now is an AboutDFIR LinkedIn page for you to follow for the latest blog posts, pages, and new DFIR content! We look forward to connecting with you. Speaking of keeping up to date, don't forget the AboutDFIR RSS Starter Pack exists! Keep up to date with all the most relevant DFIR newsfeeds all in one place!
AboutDFIR Content Update 8/26/2020

Greetings! Short content update this week: Jobs - lots of new jobs added KAPE - fixed potentially broken links in Table of Contents Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots…
AboutDFIR Content Update 8/21/2020

Greetings! Short content update this week: Jobs - lots of new jobs added KAPE - added new links, refined a few details, etc AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers Timeline Explorer in great detail with lots of animated GIFs to paint a better picture on how to use it! Check it out here. Also,…
Introducing AboutDFIR’s Timeline Explorer Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used Timeline Explorer before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. This guide for Timeline Explorer comes on the heels of last month's release of the KAPE Guide. It can also be currently located in…
AboutDFIR Content Update 8/15/2020

Greetings! Short update this week: Jobs - lots of new jobs have been posted lately Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers KAPE in great detail with lots of animated GIFs to paint a better picture on…
AboutDFIR Content Update 8/8/2020

Greetings! Short update this week: Jobs - lots of new jobs have been posted lately Tools & Artifacts - iOS - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers KAPE in great detail with lots…
SANS FOR508: A Review

Introduction I recently attended the SANS DFIR Summit 2020 and took FOR508 with Chad Tilbury. I elected to take the GCFA certification which I am currently preparing for and creating my index similar to how I laid out in a previous blog post. At Kroll, FOR500 and FOR508 are our daily bread and butter so I was very excited to finally take FOR508. LiveOnline Review First things first, let's cover the new format SANS is…
AboutDFIR Content Update 7/31/2020

Greetings! Short update this week: Jobs - lots of new jobs added Tools & Artifacts - iOS - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that covers KAPE in great detail with lots of animated GIFs to paint a better picture on how to use it! Check it out here. Also, if you're not…
AboutDFIR Content Update 7/23/2020

Greetings! Yet another content update: Awards - page updated to reflect 2020 Forensic 4:cast Awards results Social Media - new entries added Tools & Artifacts - macOS - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I recently put out a guide that…
Introducing AboutDFIR’s KAPE Guide

Greetings everyone! I've been working on a detailed guide geared towards LE/Private Sector examiners who've never used KAPE before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The guide can be found here. It can also be currently located in the site's recently redesigned menu via Tools & Artifacts -> Tools ->…
AboutDFIR Content Update 7/18/2020

Greetings! A smaller update this week: Annual Industry Reports - new entries added Tools and Artifacts - menu section reworked in preparation for upcoming additions to the site AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: The Forensic 4:cast Awards were presented today and the community voted the Digital Forensics Discord Server as DFIR Resource of the Year! Thank you to all the support…
DFIR Without Certs – What Books Can Help You

This has been an absolute long time coming from me, I think! The reason for this is during the crazy times we currently live in here in 2020, this is probably something I should have worked on much earlier to give folks a bit of a leg up on some reading material. Coming full circle, I feel this is something that really needs to be updated within our field. One of the few places where…
AboutDFIR Content Update 7/8/2020

Greetings! A smaller update this week: Tools & Artifacts - macOS - new entries added Tools & Artifacts - Linux - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: REMINDER! The 2020 SANS DFIR Summit is FREE! Register here! It starts next week so don't miss out. The Forensic 4:cast Awards will be presented at the end of the 2nd day…
AboutDFIR RSS Starter Pack v2 released!

Greetings! I am happy to share a new version of the AboutDFIR RSS Starter Pack! The AboutDFIR RSS Starter Pack was first introduced earlier this year in March 2020. Since then, lots of new content channels have been created largely thanks to the forced stay-at-home experiment brought on by the COVID-19 pandemic. As always, the AboutDFIR RSS Starter Pack can always be found on its dedicated page on the site. For those who already have…
AboutDFIR Content Update 7/2/2020

Greetings! Yet another content update:  AboutDFIR RSS Starter Pack - v2 released with new feeds! Tools & Artifacts - Windows - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: REMINDER! The 2020 SANS DFIR Summit is FREE! Register here! The Forensic 4:cast Awards'…
AboutDFIR Content Update 6/24/2020

Greetings! A very small content update this week, but there's lots in the pipeline:  Tools & Artifacts - Windows - cleaned up table contents, more changes to come AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: REMINDER! The 2020 SANS DFIR Summit is FREE! Register here! The Forensic 4:cast Awards' nomination period has concluded and voting is open! Cast your final vote here. Feel…
AboutDFIR Content Update 6/16/2020

Greetings! More new content this week: Annual Industry Reports - more new Annual Reports added Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Videos/Webinars - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: BREAKING NEWS! The 2020 SANS DFIR Summit is FREE! Register here! The Forensic 4:cast Awards' nomination period has concluded…
AboutDFIR Content Update 6/10/2020

Greetings! Lots of new content this week: Annual Industry Reports - many new 2020 Annual Reports added Tools & Artifacts - Windows - new entries added and page overhauled separating Artifacts and Tools Tools & Artifacts - iOS - new entries added Tools & Artifacts - macOS - new entries added Videos/Webinars - new entries added Jobs - new jobs added, old ones purged, and added Date Added to the table Tool Testing - new entries…
AboutDFIR Content Update 6/2/2020

Greetings! Lots of new content this week:  Tools & Artifacts - iOS - new entries added Tools & Artifacts - Android - new entries added Challenges & CTFs - new walkthroughs added Videos/Webinars - added TeelTech's YouTube channel Tool Testing - new entries added A new month brings a new featured page of the month. This month is the AboutDFIR RSS Starter Pack! This was introduced back in March of this year and it's a…
AboutDFIR Content Update 5/27/2020

Greetings! Lots of new content this week:  DFIR Research - new completed research added, great job Adhirath Kapoor! Tools & Artifacts - macOS - new entries added Tools & Artifacts - iOS - new entry added Tools & Artifacts - Windows - new entries added Tools & Artifacts - File Systems - new entry added Tools & Artifacts - Android - new entries added Tools & Artifacts - Linux - new entries added The Magnet…
AboutDFIR Content Update 5/21/2020

Greetings! Another short content update this week:  Tools & Artifacts - macOS - new entry added Tools & Artifacts - Windows - new entries added Tools & Artifacts - Android - new entries added Men of #DFIR - various entries updated As stated previously, updates will be sparse this month due to the Magnet Virtual Summit 2020 taking place currently that has been keeping me busy most days of the week. However, look for some…
AboutDFIR Content Update 5/14/2020

Greetings! A very short content update this week:  Tools & Artifacts - iOS - new entries added Updates will be sparse this month due to the Magnet Virtual Summit 2020 taking place currently that has been keeping me busy most days of the week. However, look for some larger-scale changes to come in June. There's only so much time in the day! However, there's plenty of other things going on right now. Speaking of the Magnet Virtual…
InfoSec News Nuggets 5/7/2020

DigiCert hit as hackers wriggle through (patched) holes in buggy config tool DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised. The company joins Ghost.org and LineageOS in being the target of ne'er do wells as attackers exploited a disclosed (and patched) vulnerability in the Salt configuration tool over the weekend, spraying exposed infrastructure with cryptocurrency mining software.…
AboutDFIR Content Update 5/5/2020

Greetings! The first week of May brings new site content as detailed below:  Tools & Artifacts - iOS - new entries added Tools & Artifacts - File Systems - new entries added Tools & Artifacts - Linux - new entries added Tools & Artifacts - Windows - new entries added as well as every 13Cubed video relating to a Windows artifact Challenges & CTFs - new entries added DFIR Research - new entry added under…
AboutDFIR Content Update 4/29/2020

Greetings! A short update this week:  Certifications & Training - new entry added (Harvard's FREE CS50: Introduction to Computer Science course) Tools & Artifacts - Windows - new entries added Tools & Artifacts - iOS - new entries added In case you missed them, check out my latest blog posts: A General Overview of DFIR Resources and A Beginner’s Guide to the Digital Forensics Discord Server!  Make sure you're keeping up on Kevin Ripa's 3MinMax…
InfoSec News Nuggets 4/29/2020

Online auction of record-breaking whisky collection hit by cyber-attack A record-breaking online auction of rare whiskies has been postponed indefinitely after being targeted in a cyber-attack. The sale of Richard Gooding’s “The Perfect Collection” was marketed as “the largest and most unprecedented private whisky collection ever to be offered for public sale”. The first phase of the auction, consisting of more than 1,900 bottles, fetched more than £3.2m earlier this year. The second phase of…
AboutDFIR Content Update 4/23/2020

Greetings! This week's update is detailed below:  Some Home Page updates first: New site feedback form added under the Submit menu, let us know what you think here New AboutDFIR Blog Posts Archive added under the Reading menu, check it out here Added More button underneath the last 12 blog posts at the bottom of the home page which will link to the AboutDFIR Blog Posts Archive  Now for the usual content updates: Tool Testing…
A Beginner’s Guide to the Digital Forensics Discord Server

Introduction This post has been a long time coming for me. I will use this post to address all newbie questions I've fielded in regard to the use of Discord, or how to join the server successfully. Believe it or not, we have a lot who join the server but never gain access due to not following through with the brief verification process new members have to go through. This post is aimed to help…
A General Overview of DFIR Resources

Introduction The world of Digital Forensics and Incident Response (DFIR) is so expansive that it's impossible for one person to know it all, let alone a fraction of it. To combat this, one must first be aware of and second utilize the resource that's best catered to the issue at hand. There are multiple resources out there that digital forensic examiners and incident responders should be aware of.  Not all resources are created equal nor…
AboutDFIR Content Update 4/14/2020

Greetings! This week's update is detailed below:  Tool Testing - new memory image added by Alissa Torres Videos/Webinars - new entries added  Certifications & Training - new entries added (Hal Pomeranz' Intro to Linux Forensics course) Tools & Artifacts - macOS - new entries added Tools & Artifacts - Windows - new entries added Social Media - multiple new Discord servers added Jobs - multiple new jobs posted Brian Carrier, the author of File System…
AboutDFIR Content Update 4/9/2020

Greetings! This week's update is detailed below:  Tools & Artifacts - Windows - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Challenges & CTFs - new entries added Podcasts - new entries added If there's something you think should be on the website, let us know! Per usual, you can reach me via…
AboutDFIR Content Update 4/4/2020

Greetings! This week's update is detailed below:  Social Media - new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added Certifications & Training - new entries added Tool Testing - new entries added Tune in to this upcoming Monday's episode of "Life Does Not Have a Ctrl+Alt+Del" hosted by Heather Mahalik where I am the featured guest! I will be talking about the Digital…
AboutDFIR Content Update 3/27/2020

Happy Friday! This week's update is detailed below:  Mobile/Tablet home page menus fixed, sorry for the inconvenience Awards - page updated to reflect that nominations for the Forensic 4:cast Awards are now open Tools & Artifacts - Android - new blog posts added Tools & Artifacts - File Systems - new blog posts added Tools & Artifacts - iOS - new blog posts added Tools & Artifacts - Linux - new blog posts added In…
Introducing the AboutDFIR RSS Starter Pack!

Greetings! I am excited to share something that has been in the back of my mind for a while now. Introducing the AboutDFIR RSS Starter Pack! Basically, this is a curated list of blogs, DFIR vendor websites, and other cyber security related websites categorized for your convenience. A simple import into your Feedly account (or RSS app of choice) and you're up and running! This is the first iteration of this project and will be…
AboutDFIR Content Update 3/18/2020

Greetings! Here's another site content update:  Research Ideas - new research ideas added based on user submission Women of #DFIR - new entries added Social Media - new hashtags added to Twitter Tools & Artifacts - macOS - renamed to macOS, URL updated, and new entries added Tools & Artifacts - Android - new entries added Tools & Artifacts - iOS - new entries added If there's something you think should be on the website,…
AboutDFIR Content Update 3/11/2020

Greetings! Yet another content update: Annual Industry Reports - new report added Tools & Artifacts - DVR/Multimedia - new blog post added Tools & Artifacts - Windows - new blog posts added Tools & Artifacts - iOS - new blog posts added Robert Chesney recently released a 137-page book titled Cybersecurity Law, Policy, and Institutions. Download the free PDF here! I'm currently working on a blog post that'll analyze the pros and cons of all…
AboutDFIR Content Update 3/2/2020

Greetings! The first update of March 2020 is detailed below:  Preservation Letter/Search Warrant Templates - all templates got a once over with some new language relating to US Code 2703(f), plus Google, Twitter, and Microsoft were added to the bunch Podcasts - new podcast added (SANS GIAC Podcast) Tools & Artifacts - Windows - new blog post entry added Challenges & CTFs - multiple new entries added Jobs - data table has been cleaned up…
My Take on Preparing for GIAC Certification Exams

SANS GIAC Certifications are highly sought after because of the technical expertise required for completing them successfully. They are not to be taken lightly and are held in high regard due to them not being a “gimme” for the test taker. If you do not prepare, your score will reflect that and you risk not passing. The stakes are high due to the cost of the certification ($789 per attempt as of this writing when…
AboutDFIR Content Update 2/23/2020

Greetings! Another content update in the wake of Phill Moore's new This Week in 4n6 post:  Challenges & CTFs - new entries with walkthroughs added Men of #DFIR - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added White Papers - new entry added (DFRWS Papers & Presentations) Did you know that you can add AboutDFIR's newsfeed easily to your Feedly account? Just…
I want to see your Resume!

Do you know of someone just graduating with their college degree in #DFIR or #CyberSecurity or #security looking for their first job? I am interested! Send me a resume -> devon.ackerman@kroll.com with Resume in the subject line. Tag your friends, tag your colleagues.
AboutDFIR Content Update 2/20/2020

Greetings! A relatively small site content update but please see other important items below:  Scholarships - added SANS' Ken Johnson Scholarship 2020  Tools & Artifacts - Linux - added new GitHub resource by ashemery First off, the 2020 Forensic 4:cast Awards Nominations are now open! Be sure to cast your nominations before May 15th, 2020. In the meantime, brush up on the past years' winners on the Awards page.  Secondly, Humble Bundle, one of my…