Sunday, 10 November 2019 13:38

What's New at DFIR Training?


Stand by to stand by. Another great forensic software giveaway by Arsenal Recon!

No cost to enter. No cost to win. Arsenal Recon might contact you if you don’t win to see if you have any questions about their tools, or maybe they won’t.  If you don’t already have Arsenal’s tools, take a look at what you are missing, and throw your email in the hat for the drawing.

The rules: You must answer your email (if you win) on the day of the drawing on NOVEMBER 29, no later than 5pm (Pacific Standard Time). If you don’t answer your email by 5pm, it goes to the runner up. The runner up will be happy if you don’t answer, so be sure to check your email. And your spam folder, just in case.

Oh yeah. Just enter your email and name once.  No multiple (different) email addresses with different names to increase the odds of winning.  The license goes to the name and email entered, so be sure to enter yours correctly.

Drawing is closed.


Halloween special expired

The Halloween special expired this weekend, and the regular subscription is back at $125. Still, at $125, you get access to all the courses and ebooks and podcast and anything else I can throw at you with rewards and neat stuff.  Subscribe here:


To start, I’ve gone ahead and opened the DFIR Training’s forensic artifact database prior to its completion or even near completion. It is now fully integrated into

I know that the DFIR Training Forensic Artifact Database is not a “wiki”, but I also know that the forensic wiki was rarely updated (by anyone, including users). I plan on updating the artifact database for as long as I work in this field, and probably beyond that time too.

A forensic artifact repository has been talked about for years (one example: ), and I’ve seen several attempts at repositories come and go. Part of the reason that I believe this is a difficult task is that:


-Difficult to organize as many artifacts can fit in many categories

-They change and may be different based on OS, version of OS, etc…

-Difficult to present in an easy to use manner, as in, click on an artifact to get the information

Here is what you can expect from this database:

-Ever changing (Some ideas won’t work, so they will be removed)

-Ever growing (So much to add! So many new artifacts discovered!)

-Some bugs with the display and layout (it is a work in progress!)

As with everything on DFIR Training, suggestions and complaints are welcome to help make it better. And the database is free, no login or account required.

I would appreciate you taking a few minutes to answer some poll questions about the database here:

Upcoming online course: OSINT + Forensics

A short course will be published this month. It is not strictly “OSINT” and not a complete OSINT course, but only that which benefits the analysis. Basically, if you do forensic analysis, there are some OSINT tricks that can benefit your examination, without going all-out OSINT on non-forensic analysis Internet hunting. Available to DFIR Training subscribers only.

The DFIR Training Social Network Page

In brief, the DFIR Training social networking page is going offline. I think the social networking aspect of the page was a good idea, but it turned out not to be what I wanted to do, mostly due to the time required and the number of online options available (Discord, Slack, forums, etc.). I also was using it to manage giveaways, but it turns out creating an online form is much easier to manage.


There is a new social network, “The Cyber Social Hub”, created by Kevin DeLong, which has some good promise. I joined and plan on spending time poking around soon. Any source of DFIR information and networking is worth taking a look at, to give and share information.

Last modified on Wednesday, 18 December 2019 11:27
