Tip: There is a limited-time special offer at the end of this post :)
We work with an ocean of data and tools. Virtually unlimited in both aspects of the amount data and the number of tools to deal with the data. If you jump in the middle of this ocean of data and randomly grab any tool within arm’s reach, you will become overwhelmed, be ineffective, and wear yourself out. And at that, your complaints may be "there was too much data" and "the tools were terrible". But practically, it is the preparation that makes all the difference in how well you can handle the data *. With the right tools, immense amounts of data can be culled and analyzed without breaking too much of a sweat.
*By handle the data , I mean conducting forensic processes in the manner your job requires.
For example, if you know that you are going into physical combat a year from today, you would prepare yourself with training and the proper selection of weapons suited for the combat that you will be facing. You would practice with different weapons, different tactics, and different techniques to find that which fit your needs for what is coming. you will find that some weapons will be too big for you (but not for someone else). Some tactics will fit you perfectly (but might be useless for someone else). You have to find what works best for you to prepare for battle.
Bringing this back to forensics, we pretty much know that we will be seeing all types of data in all types of incidents or cases, at any given time in our profession. But we also have a good idea of what our job entails, which gives us a decent guide on how to prepare. We first look to our target (the type of work we do), learn how that work needs to be done, and choose the tool/s that best fits the task and hopefully satisfies our preferences. We choose our own weapons.
Choosing your Weapons from the Curation of DFIR Stuff
The DFIR Training website has a lot of DFIR stuff, way more than any one person could ever use. Some of the DFIR tools that are listed are so reliable and commonly used, that nearly everyone uses them. Others are obscure and certainly headed toward obsolescence (and practically no one uses them).
The same goes with all the curation of information on the DFIR Training website. Some white papers are eaten up daily by many while others are read by few. The terabytes of forensic images may not have but one image that suits your needs (or no image at all that fits your need!), but someone else may be able to use a dozen or more for training and research.
The intention of DFIR Training is providing a curation of as much DFIR resources as possible in one place, where you can sift through the stuff you don’t need to find the stuff that you do need. Only you can decide what you need.
The other purpose of the DFIR Training website is providing a venue where you can check to see what is going on in the DFIR world of tools and training to keep up with it. RSS feeds from DFIR bloggers, new books, software, white papers, training, and anything else pertinent to your job.
The one thing DFIR.Training cannot do is select exactly what you need for when you need it. Only you can do that. DFIR Training just lays it all out in front of you so that you can spend less time Googling and more time preparing for combat.
Now for something a little off topic (but still a bit on it)...
Early End of Summer Special
Although we have a few weeks left of summer, there is a 5-day End of Summer Patreon Special for those interested in getting some documented online training and ebooks. Here’s the special:
$125 $50. First 25 registrations only. This is what you get.
X-Ways Forensics Practitioner's Guide online course
101+ Tips and Tricks for X-Ways Forensics online course (plus ebook )
Placing the Suspect Behind the Keyboard online course
Forensic Operating Systems online course
Windows Forensic Environment-WinFE online course (plus ebook )
DFIR Case Studies Series online course
Geolocation Forensics online course (plus ebook )
And also a podcast that I put out. Plus, anything else that I do, it goes through Patreon first. More courses are coming up, some courses are being updated soon, and more ebooks are being written.
Be sure sign up after midnight!