×

Warning

JUser: :_load: Unable to load user with ID: 1014
JUser: :_load: Unable to load user with ID: 1837
DFIR Training

DFIR Training

Tuesday, 14 January 2020 15:39

What's New at DFIR Training

Written by
New Tool! (Sort of). WinFE 10 I would say that WinFE 10 can be considered a new forensic tool because it now runs in ARM. If you have dealt with an ARM device, you are probably excited to hear this. If you haven’t dealt with an ARM device yet, the second you get one, you will flashback to this post about WinFE 10. Colin Ramsden, of WinFE Write Protect Tool fame, further developed WinFE into…
Wednesday, 23 October 2019 17:28

DFIR Client Interviews

Written by
I recently had the opportunity to talk with “Tom” about his experiences in using Forensic Notes. Tom has been a client for over a year and had the following to say… Read more at: https://www.forensicnotes.com/dfir-client-interviews/
Wednesday, 09 October 2019 10:11

Experts, Thought Leaders, and Influencers

Written by
Experts, Thought Leaders, Influencers The short version Don’t mistake the misuse and abuse of these terms as a reason to avoid using them all together. The longer version The social media negativity given to the terms of expert, thought leader, and influencer makes this a risky topic to write. However, given that is National Cybersecurity Awareness Month (NCSAM), I find it relevant to talk about them in order to bring back usefulness to these terms…
Sunday, 01 September 2019 21:11

Enter to win a DeepSpar Guardonix!

Written by
I'm giving away a DeepSpar Guardonix on September 15, 2019. I will post a personal review of the Guardonix here on www.dfir.training prior to the giveaway. If you want a preview of the review, here it is... this is something that is worthy to keep in your DFIR toolbox for many reasons and worth the expense. I'll get into the details in the review later when it is posted in the coming two weeks. Read…
Saturday, 31 August 2019 23:07

Forensicators! Choose your weapons!

Written by
We work with an ocean of data and tools. Virtually unlimited in both aspects of the amount data and the number of tools to deal with the data. If you jump in the middle of this ocean of data and randomly grab any tool within arm’s reach, you will become overwhelmed, be ineffective, and wear yourself out. And at that, your complaints may be "there was too much data" and "the tools were terrible". But…
Thursday, 29 August 2019 22:58

Guardonix

Written by
We are DeepSpar and we have been manufacturing professional data recovery equipment since 2004. At this point thousands of dedicated data recovery companies utilize our tools and Guardonix is our first device built primarily for computer forensics. We can proudly say that our manufacturing, development, and technical support services have always been provided from right here in Canada. In this blog we will periodically post videos giving technical information on different computer forensics concepts and…
TL:DR Belkasoft Evidence Center lives up to its tagline of “forensics made easier”. For a near complete automated case work, it works. An intuitive interface and automated processes make processing practically user-error free. The review I took Belkasoft Evidence Center (BEC) for a test drive, ran it across several images, and validated what I saw with a different forensic suite. Everything that I tested, worked. Plus, it did a few things that my other tools…
Only 10 ways? Probably a lot more. But these are the top 10 that I have seen (some that I have experienced!) that can make a DFIR case go in a direction that you rather it not go; downhill! Collection If the data collection is “wrong”, the analysis only goes downhill from there. The many ways that “wrong” can go include: Failing to reasonably protect the data, not collecting the relevant data, not safeguarding the…
Sunday, 07 July 2019 10:17

The best forensic test image ever!

Written by
The best forensic test image is the image that you personally create, and this is probably not the answer you want to hear because you know just how long it will take to create an image from scratch. I'm not talking about imaging your personal machine, but rather, building an entirely new system from scratch, filling it full of data and user activity, and subsequently creating a forensic image of it. Lots of effort. Lots…
Reviews! I have a few items to review that I am about to have time to get to. DeepSpar, ForensicNotes, and a few others to finish up testing to talk about. Forensic Artifact Database Available only to Patreon patrons now as early access, but it is coming along (screenshot below this post of one artifact example). Please please please do not create an account on dfir.training unless you are a patron (https://www.patreon.com/DFIRtraining). I am only…