Stand by to stand by. Another great forensic software giveaway by Arsenal Recon!
No cost to enter. No cost to win. Arsenal Recon might contact you if you don’t win to see if you have any questions about their tools, or maybe they won’t. If you don’t already have Arsenal’s tools, take a look at what you are missing, and throw your email in the hat for the drawing. https://arsenalrecon.com/products/
The rules : You must answer your email (if you win) on the day of the drawing on NOVEMBER 29 , no later than 5pm (Pacific Standard Time). If you don’t answer your email by 5pm, it goes to the runner up. The runner up will be happy if you don’t answer, so be sure to check your email. And you spam folder, just in case.
Oh yeah. Just enter your email and name once. No multiple (different) email addresses with different names to increase the odds of winning. The license goes to the name and email entered, so be sure to enter yours correctly.
Halloween special expired
The Halloween special expired this weekend, and the regular subscription is back at $125. Still, at $125, you get access to all the courses and ebooks and podcast and anything else I can throw at you with rewards and neat stuff. Subscribe here: https://www.patreon.com/DFIRTraining
The Forensic Wiki (www.forensicwiki.org)
This may or may not come as a surprise, but the Forensic Wiki (I’m referring to forensicwiki.org), is gone once again. If you have used this resource as I have in the past, you will miss it as I have.
The forensicwiki.org domain and wiki have changed hands at least once, maybe twice or more over the years, and I have decided to take over the reins to continue it in some fashion after the domain was abandoned.
To start, I’ve gone ahead and opened the DFIR Training’s forensic artifact database prior to its completion or even near completion. It is now fully integrated into dfir.training.
I know that the DFIR Training Forensic Artifact Database is not a “wiki”, but I also know that the forensic wiki was rarely updated (by anyone, including users). I plan on updating the artifact database for as long as I work in this field, and probably beyond that time too.
A forensic artifact repository has been talked about for years (one example: https://windowsir.blogspot.com/2008/01/artifact-repositories.html ), and I’ve seen several attempts of repositories come and go. Part of the reason that I believe this is a difficult talk is that:
-SOOOOO MANY ARTIFACTS
-Difficult to organize as many artifacts can fit in many categories
-They change and may be different based on OS, version of OS, etc…
-Difficult to present in an easy to use manner, as in, click on an artifact to get the information
Here is what you can expect from this database:
-Ever changing (Some ideas won’t work, so they will be removed)
-Ever growing (So much to add! So many new artifacts discovered!)
-Some bugs with the display and layout (it is a work in progress!)
As with everything on DFIR Training, suggestions and complaints are welcome to help make it better. And the database is free, no login or account required.
I would appreciate taking a few minutes to answer some pol l questions about the database here:
Upcoming online course: OSINT + Forensics
A short course, and not strictly “OSINT”, but only that which benefits the analysis, not a complete OSINT course will be published this month. Basically, if you do forensic analysis, there are some OSINT tricks that can benefit your examination, without going all-out OSINT on non-forensic analysis Internet hunting. Available to DFIR Training subscribers only .
The DFIR Training Social Network Page☹
In brief, the DFIR Training social networking page is going offline. I think the social networking aspect of the page was a good idea, but it turned out not to be what I wanted to do mostly due to time required and the number of online options available (Discord, Slack, forums, etc..). I also was using it to manage giveaways, but it turns out creating an online form is much easier to manage.
There is a new social network, “ The Cyber Social Hub ” created by Kevin DeLong , which has some good promise. I joined and plan on spending time poking around soon. Any source of DFIR information and networking is worth taking a look at, to give and share information.
Winner of the Forensic Notes Giveaway
The three winners have been chosen! Justin Bartshe, Matt Bertsch, and Michael Callan each won a 3-year license of Forensic Notes, and I can’t wait to hear how their notetaking opinions are going to change for the better (not that they are doing it wrong, but we can all do better).
DFIR Training Trick or Treat Special
The regular price of $125 is dropping 60% in a Trick or Treat Special that starts on October 31 at 11:59PM and ends on November 7, 2019 at 11:59PM. Limited to only the first 50 subscribers. Current subscribers can drop down to $50 too!
Dozens of hours of training, as much as you want, for as long as you want to subscribe, including ebooks, podcast, and more upcoming courses. And when you complete a course, you get printable proof of completion to document your hours formally.
Tools and new blog
Ian Whiffin both started a new DFIR blog and released several forensic tools worth checking out at https://www.doubleblak.com/index.php .
Why is this notable on DFIR Training? Because if you are not listed on dfir.training like Ian, you should be :)
More events added, with a large group of courses by MSAB scheduled well into 2020.
Another Directory Map
In process is a DFIR business directory map, exactly like the DFIR Association Directory map. Should be done soon. The point of the map is that you will be able to zoom down to where you want to find a local DFIR business (software, hardware, services). If you haven’t seen the DFIR Associations Map, check it out!
DFIR Training Newsletter
Sign up to get the first newsletter coming out soon. This is not your daddy’s DFIR newsletter by the way.
The Official DFIR Training sticker
It’s the best-selling merch item so far that I have, with ‘Digital Forensics is a lot like being a medical examiner, but without the blood’ t-shirt taking up a close second.
The Next DFIR Tool Giveaway….
It’s coming…details being worked out. Stay tuned!
Collected, embedded, sorted, and presented to you for ease of learning the DFIR. More videos coming, webinars, and featured videos too. Stay tuned as more get added!
That’s it for this week! But guess what..more coming next week!
On October 28, 2018, I will be choosing THREE entries to win a 3-year license of Forensic Notes . That means, 3 chances to win a 3-year license. This is quite the giveaway, worth the price of entry, which is FREE.
A review of Forensic Notes is upcoming, but to enter now , check out the post here: https://www.dfir.training/dfir-training-blog/forensic-notes-giveaway
New bloggers added! It’s good to see new blogs and hopefully this will encourage more to write, ie, share knowledge. Still the most comprehensive DFIR blog list in the galaxy.
Patreons at https://www.patreon.com/DFIRtraining heard me talk personally about my path, thoughts, and reasons for me working in DFIR in my latest podcast. https://www.patreon.com/posts/10-10-2019-30663648
A new case study (#13) available to all Patreon subscribers. https://www.patreon.com/posts/case-study-13-30644671
Speaking of Patreon...
By subscribing, you’ll support DFIR Training’s resource website! And in return, get access to online training courses, a podcast, and other cool things. Courses like
And more courses coming in the next months. The current subscription is $125/month, cancel anytime. Pick back up where you left off anytime.
This is a work in progress. I started it a few weeks ago, didn’t like the way that it was organized, so I’m redoing it. The map will match the directory https://www.dfir.training/directory/associations and you can search and filter the listings to find exactly what you are looking for.
By popular request, I made a sticker. And then I made some t-shirts. And coffee cups. Take a look at the DFIR Training swag store here https://www.teepublic.com/user/dfirtraining .
I have some shirts on Amazon too at https://www.amazon.com/s?rh=n%3A7141123011%2Cp_4%3ADFIR+Training&ref=w_bl_sl_s_ap_web_7141123011 .
DFIR businesses! Request a media kit before the year is out to get 2020 marketing packages at the 2019 prices :)
All DFIR Training Patreon’s were given the promotion code for 25% off (basically gives you the adapter set free as part of the Standard + Pro firmware purchase, which comes out to 25% off).
On that DeepSpar Guardonix…
I’ve been running it over images that I made in cases that had bad sectors, but weren’t bad enough to send off for recovery (mostly due to client budgets). I used reverse imaging (X-Ways) which was helpful at the time, but with the 3 drives that I tried, 2 out of 3 were able to be fully imaged and the 3 rd drive recovered more than half of what was skipped prior. That is pretty good for not having a clean room and extensive hard drive repair training using just a write blocker.
There are 3 more forensic software applications coming up for giveaways, one per month. As I clarify the details for each giveaway, I’ll be posting about them as well as testing them myself. I also will be getting back to some book giveaways as I’ll have time on a half dozen flights to finish reading them.
More events have been added to the calendar. https://www.dfir.training/calendar . Get your event listed or featured on DFIR Training here: https://www.dfir.training/add-your-listing (conferences are listed free!).
Updated list of DFIR podcasts. There’s a lot. A whole lot. https://www.dfir.training/resources/dfir-social/dfir-podcasts . Some are no longer being updated, but the archives hold some really good content. Did I miss your podcast? Guess what..let me know and I’ll add it ? https://www.dfir.training/contact-dfir-training
More content planned :)
New Podcast uploaded to Patreon subscribers, where I talked about some recent news, a software test that I doing with Dan Mares, DeepSpar and the giveaway and 25% promotion code, and a few other things.
DFIR Training has a new logo. Probably will be a sticker soon...actually, going to be a sticker soon.
Thanks to all for your input!
Updates on the DeepSpar Guardonix giveaway . If you entered, be sure to check your email on Sept 15. I'll give the winner until Sept 16 to respond, but then if no response, the Guardonix goes to the runner-up. Runner-ups love it when the winner misses out. Don't miss out!
As to how I pick the winners to the giveaways...I let the Internet do it. Specifically, every entry (your email) is on a spreadsheet, and is numbered in order (1, 2, 3, etc...). If I have 300 entries, I let Google pick a number between 1 and 300. That's the winner. I do it again if the winner doesn't respond. Your email is not put online to randomly pick it, only your number on the spreadsheet. You'll also get one, and only one email from me for the entry to let you know that you won or didn't win.
I have a promotion code to give out on Sept 15 for 25% off the DeepSpar Guardonix (Professional Edition with adapters). This comes to about $250 off from a tad more more than $1000 purchase for the set. The promotion code is Patreon subscribers only, but if you were looking to purchase the Guardonix, you could join Patreon for just one month to get the discount and still come out $125 ahead. Plus, you'd get access to the courses, podcasts, ebook downloads, and everything else during that time. Just sayin... https://www.patreon.com/DFIRtraining
I am working on finishing an OSINT & Forensics online course this month. This is a shorter version of any OSINT course you can find online as it is specific to using OSINT to a forensic analysis. Not everyone is tracking criminals across the Internet, but those working a forensic analysis can use some of the techniques to help in analysis.
The current Placing the Suspect Behind the Keyboard course is being completely revamped. This will be an Instructor-Trainer course, which will include downloadable materials (images, data, lesson plans, slidedecks, quizzes) that you can use to teach internally at your organization or university forensics program. Basically, you'll have everything to teach the course in a turn-key solution. Patreon subscribers only.
Now that I have help with the DFIR Training website content, the forensic artifact database will be getting populated faster than before. Still, it is early access for Patreon subscribers only , but will be open publicly when it is at least twice as populated with artifacts as it is now. This may take a month or so, but eventually will be open.