DFIR Training Blog

Upcoming additions to DFIR Training and more news!

Reviews!

I have a few items to review that I am about to have time to get to. I have DeepSpar, ForensicNotes, and a few others to finish up testing and talk about.

Forensic Artifact Database

Available only to Patreon patrons now as early access, but it is coming along (screenshot below this post of one artifact example). Please please please do not create an account on dfir.training unless you are a patron (https://www.patreon.com/DFIRtraining). I am only approving patrons at this point and plan on opening the database to the public in a few months. Patrons are early access and contributors at this point. It will be freely available when it has enough artifacts to be useful most every time you access it.

Also, I will have a new thing on DFIR Training that is closely associated and integrated with the forensic artifacts: self-learning lesson plans (see #5 below).

ForensicFocus.com podcast guest

I'm being scheduled to speak on ForensicFocus.com's new podcast and looking forward to it. Should happen the first part of this month (July).

Advertisers

I have not aggressively sought out advertisers to this point and have only spoken to fewer than a handful (several are on the site now); however, as I now have some help with the site, I have the time and means to put forth efforts on marketing dfir.training to advertisers. There will not be any popups, or selling of visitor information or email addresses. But I am offering banners and logos to companies as you see on the site now. Plus, I am offering customized business listings, tools listings, and a few other aspects of helping good companies get their name out. Having advertisers will allow me to supercharge DFIR Training with more content. The goal of dfir.training is to have this site be your one-stop DFIR shop for all things DFIR, or if not all, at least 98% of everything you can need to learn, research, and download references to support your work. Advertisers will help keep the website content fresh and free.

Patreon

Most importantly, I sincerely, from the bottom of my heart, appreciate your support. It really makes a difference, and you are my greatest motivators.  Sincerely.

These are the updates on what things are in progress and upcoming at https://www.patreon.com/DFIRtraining. If you are not a patron yet and interested in joining, these are the current works in progress for patrons.

1-Building your own test forensic images. I have been asked about creating personal test images, so I will either create a how-to video or do a live stream so that I can take questions. If you have a preference, let me know. Consider that time of day may be a problem and everyone may not make a live stream, but I'll have a recorded copy uploaded regardless.

2-WinFE is driving me up the wall. What started as a little update is taking forever to get right to avoid voiding the EULA. That's also a part of the discussion with the test image creation. WinFE is still coming; it is just a lot of labor to get it done piecemeal. I spoke too soon that it would be finished, right before I started going through the little things that tied up the release.

Also, with the amount of time spent on getting the build done where you can build and use it without worrying about voiding an MS EULA, I will have the build project only available on Patreon, probably for the better part of a year before making it publicly available...and also will probably individually license the build to you by name. Basically, for your patience for the WinFE to get done, you'll get it first, and be the only ones to get the build project licensed for your use.

The slidedeck for the updated WinFE will be available when WinFE is completed. The new WinFE slidedeck will be available only for patrons ($20 and higher subscription), and I am granting all patrons the right to use the slidedeck to teach WinFE (internally, externally, freely, and for profit). If you teach the new WinFE, you'll also be able to distribute the build in your training. Basically, if you want, you can be a licensed WinFE instructor as you'll have the best build and be the only people who are licensed to license others with the new build. Eventually, the build will be publicly available to all, licensed or not.

The updated slidedeck will be different from the current slidedeck if you have downloaded it already. I believe the new WinFE build may completely replace the current WinFE. That is the goal anyway as it is much better.

3-The forensic artifact database is crawling along but picking up speed now as I have the format set up where I think it will work best. If you don't have access yet, be sure to create an account at https://www.dfir.training/tools/artifacts. Send me a message after you create your account as I am manually granting access to the database for patrons only as early access. Patrons at all levels of subscription can have access; I just need to know when you create an account so that I can grant access. I'm getting a ton of account registrations from non-patrons, but I'm only granting access to current patrons for at least the next few months.

4-I will be publishing a new forensic case study this week that has some neat aspects in it.

5-If you caught the latest video I put out on DIY DFIR Training, I spoke about how you can create your self-training programs. I plan to put out a few lesson plans as time goes on, and haven't decided whether to do it wiki style or just link to a lesson plan that you can download from each artifact's page. So, as an example, the lnk forensic artifact page would have a download of a lesson plan on lnk files, where you can document your personal training hours. Something like this:

Patreon Courses

Subscribers ($20 or higher) have access to the following courses, which include a printable certificate of completion so that you can document your hours of training :)

The current list of courses available through Patreon is:

Written by: Brett Shavers
