All posts filed under: Incident Response

#14 – Rest in Peace, DFIR Dog

comments 4
Digital Forensics / Incident Response

Today’s post is an incredibly tough one to write. This morning my buddy, my best friend, my DFIR Dog passed away. He lived a great life and was loved by so many. Whenever I would work from home, he would lovingly announce his presence on conference calls, show his face on video calls, and would stare at the computer screen helping me analyze evidence. He was to be the topic of my presentation for next […]

#13 – Exploring macOS

comment 1
Digital Forensics / Incident Response / Mac Artifacts

Per the recommendation of someone, I took a peek inside the macOS /private/var directory. If you have never examined the contents, I suggest you do. For example, one of the directories contains logs. Hint: It’s the “log” directory. Over the next few posts, I will explain some of these logs and files for you. Then we will back out of this directory and dive into another. Stay tuned!

#12 – Supporting Women in Tech

comment 1
Conferences / Digital Forensics / Incident Response

The Diana Initiative is hosting a two-day conference on August 9 and 10, during the week of Black Hat and DEFCON. The conference is FREE for attendees, and this year’s theme is “Hacker Family: Our Diversity Unifies Us.” According to their website, the organization was set up to: Encourage diversity and support women who want to pursue careers in information security Promote diverse and supportive workplaces Help change workplace cultures This year’s conference schedule has […]

#1 – The Zeltser Challenge

comments 4
Digital Forensics / Incident Response

It’s no secret that people have pushed for more community sharing in DFIR, assuming one’s company or role allows that sharing. A few years ago, David Cowen entered a daring experiment to write a daily blog. This was based on Lenny Zeltser’s challenge, lovingly termed “The Zeltser Challenge” among the community, in which one writes a blog post every day for a year. Matt Bromiley also embarked on the challenge. The goal of the challenge is […]

DFIR Summit Family Reunion

comment 1
Conferences / Digital Forensics / Incident Response

“Reunited and it feels so good…” That lyric sums up my overall thoughts on the annual SANS DFIR (Digital Forensics and Incident Response) Summit experience in Austin, TX. Although, so does this song by Dual Core. This conference is easily my favorite of the year. The talks are highly technical, but not to the point of overwhelming with your eyes glazing over. You can find the links to the presentations here. There were a surprising […]