Most of us want to be good at DFIR, no matter what small slice of the DFIR pie we do. We take training. We read. We theorize. We test theories. We do the work. But we become stagnant no matter how much more money and time we spend on training and education. This is because we keep to ourselves. We want the same thing: to do good casework! But we do...

Scenario (yes, this really happened): Parents reported their daughter missing. They gave the assigned detective a laptop that their daughter was using prior to being lured from home. The assigned detective conducted his own "triage" of the laptop by turning the laptop on poking around looking for clues. He even logged into the daughter's social med...

 I am was not an AXIOM Cyber user. This post is going to give you a few pointers of succeeding in DFIR as an examiner or developer while using Magnet Forensics' AXIOM CYBER application as a case example. These pointers are also self-reminders to me, so everything I say is personal to me as it is potential guidance for you. Before going any fur...