Lots of updates and new content at DFIR Training!
A very cool software review, a new giveaway, updated lists, new downloads, DFIR Case Studies, and even more to come. There is so much going on in the DFIR online world now since all of us are adjusting to the world's current situation. But to never lose an opportunity, if you are have the fortune to be at home to work, take the time to take care of yourself and take advantage of all the opportunities that are being given by those in the DFIR community. From training, reading, podcasts, and blogs, spend time to keep your skills up and learn new skills.
Probably most important is to keep yourself healthy and safe.
One of the neatest things that I have done this week was play around, I mean test Belkasoft's checkm8 feature. My oh my. I ran a half dozen iOS devices through it and every single time was a joy to connect, enter DFU mode, and create an awesome image of each device. Awesome in that getting an image from an iPhone with such ease and completeness is simply too cool and absolutely helpful.
Next week, I will be putting Foxton Forensics' through the grinder and write up my thoughts of their tool. To be honest, I've been using it...really like it...but will writing it up for you to read. Be sure to enter the contest to win a license!
Checkm8 and Belkasoft!
I did a dozen runs with Belkasoft’s support of Checkm8. Outstanding work on Belkasoft’s part on supporting the latest iPhone exploit. Very easy to use. Very quick. Very effective. Check out my review for the details at Belkasoft’s Checkm8 . After that, check out Belkasoft .
The Great DFIR Tool Giveaway
Submit your entry now for a chance to win Foxton Forensics’ Browser History Examiner . I have an upcoming review and when the review is posted, I’ll be drawing the winner. Open to all and the only thing you need to submit is your name and contact information. If you don’t win, you might be contacted by Foxton Forensics to see if you have any questions, but the winner certainly will be contacted for download and licensing instructions. Free to enter. Free to win. But you have to enter for a chance.
DFIR Case Studies
By now you might be looking for things to do around the house…so with that, I am releasing a few DFIR Case Studies that may be of interest. The case studies are publicly available cases where I make personal assumptions on how the case was investigated and how I may or may not have worked the case the same. I have more than a dozen of these at the DFIR Training Patreon page and create a new one ever so often when I find (or informed of) good cases that would work for a DFIR Case Study. Take a look here: https://www.youtube.com/playlist?list=PL9irkLlgx28f9MJbL_ini0p1ZAGsHiKa5.
By the way, Patreon subscribers receive proof of DFIR Case Study training with a printable cert of completion. No, I am not certifying anyone for anything with DFIR Case Studies, but I am giving subscribers proof of the time spent learning how to investigate DFIR related cases. Bosses like those pieces of paper, I mean, proof of training. So do courts. And future employers.
DFIR RSS Feeds
To save you some work on building a DFIR RSS feed list, you can download DFIR Training’s feed to import into your reader. Be prepared tho…there are a ton of DF/IR feeds ?
Download the Ultimate DFIR RSS Feed from the Ultimate List of DFIR Bloggers page and import into your RSS reader. All the hard work has been done for you.
DFIR Bloggers list
Speaking of the Ultimate List of DFIR Bloggers, the entire list has been updated. Unfortunately, some blogs have completely disappeared from the Internet. But fortunately, I found a few new and inspiring bloggers!
If your DFIR blog is not listed, let me know! Seriously. I want to add your blog, but just don’t know about it or I overlooked it.
I received a few lists to upload and created a bunch more, all for the taking (or downloading…). There is no better publicly available keyword list in the galaxy and I’ll keep adding list as I get ideas and as I am sent lists (or ideas for lists). Check out the lists here: https://www.dfir.training/popular-lists
What’s a keyword list, if you were wondering..? Simple a text file, with a single category that you can use to import into your forensic or ediscovery application to search for “hits” or “files”. Simply, if you have a cocaine case, import the cocaine list to more easily find all references to all things related to cocaine. Same with weapons, or software code, or violence or etc…
It goes without saying to stay safe, keep your family safe, and take advantage of every situation that comes your way.