This book is a comprehensive and informative guide for those interested in digital forensics and investigations. The book covers a wide range of topics related to forensic analysis of Linux systems, including data acquisition, evidence preservation, and various forensic techniques. It is a fantastic read, even before going deep into it forensically, the digital and…
Tag: DFIR

[DFIR TOOLS] Hasher, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. Hasher is a software application developed by Eric Zimmerman that is used to calculate and compare the hash values of files. A hash value is a unique code that is generated based on the contents of a file. By comparing the hash values of two files, it…

Interview With One of the Great DFIR Talents, Alessandro Di Carlo (samaritan_o)
Alessandro is an unbelievable talent in the DFIR world, not only do I look forward to anything he writes either on his own site or over on The DFIR Report but on social media also. He knows his stuff and I just don’t say this because he writes at The DFIR Report who in my…

Interview with DFIR Legend Alexis Brignoni
For this interview I have had the pleasure to speak with someone who is so prevalent in DFIR, is very highly thought of and is a pleasure to have got the chance to chat. I have been trying to learn Python for what seems like forever, and it was where I first spent any kind…

Learn Computer Forensics – Second Edition by William Oettinger for Packt REVIEW
Hello, I have had the absolute pleasure to be reading and working through this book `Learn Computer Forensics: Your one-stop guide to searching, analysing, acquiring, and securing digital evidence, 2nd Edition`. “Computer Forensics, being a broad topic, involves a variety of skills which will involve seizing electronic evidence, acquiring data from electronic evidence, data…

Interview With DFIR Legend Brett Shavers
If there were a Mount Rushmore of people in DFIR this person would be on it. He has been in the scene for a long time and runs the excellent resource https://www.dfir.training/ “All things Digital Forensics/Incident Response, DFIR. Software, hardware, training, education, white papers, blog lists, social media contacts, service provider directory, books, jobs, Wikis,…

[DFIR TOOLS] bstrings, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. [DFIR TOOLS] Timeline Explorer, what is it & how to use! [DFIR TOOLS] AmcacheParser, what is it & how to use [DFIR TOOLS] AppCompatCacheParser, what is it & how to use! This time I will speak about bstrings again from the Eric Zimmerman suite. We will start with…

Interview with Krzysztof (Chris) Stanko ‘The Forensic Guy’, a Mobile & Computer Forensic Examiner and co-founder of Data Rescue Labs inc
Hello, For this interview I am going to speak to someone that many of the regular visitors to the site might not be aware of, Chris ‘The Forensic Guy’ Stanko. I was scrolling through TikTok one evening and stumbled across this guy who was brute forcing passwords on a Galaxy S9 and was fascinated…

[DFIR TOOLS] AppCompatCacheParser, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. [DFIR TOOLS] Timeline Explorer, what is it & how to use! [DFIR TOOLS] AmcacheParser, what is it & how to use This time I will speak about AppCompatCacheParser again from the Eric Zimmerman suite. We will start with Eric's description on its purpose:- AppCompatCache aka ShimCache parser. Handles…

[DFIR TOOLS] AmcacheParser, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts below, this time I will speak about AmcacheParser again from the Eric Zimmerman suite. [DFIR TOOLS] Timeline Explorer, what is it & how to use! We will start with Eric's description on its purpose:- “Amcache.hve parser with lots of extra features. Handles locked files” But what is…