One of my students is currently researching data recovery on solid state drives. Part of the In this case the objective was to be able to determine.....

Blog

12 Apr 2013

This is just a small collection of some of the resources that are available if you are interested in learning python. It is not intended to be a.....

Blog

11 Apr 2013

At PFIC last year I ran a workshop on the analysis of NTFS and handed out some cheat sheets I made for examining NTFS in a hex editor. I have been using.....

Blog

26 Aug 2012

One of the topics that came up during Kevin Ripa's DFIROnline presentation was the concept of 4k sectors, or really sectors larger than 512 bytes......

Blog

24 May 2012

I have transferred to a new hosting provider and made a few upgrades to the website. The most So after a little bit of work I have created the DFIR.....

Blog

1 Mar 2012

Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both.....

Blog

17 Jan 2012

Over the past couple of days Harlan has been talking about people contributing to the DFIR .....

Blog

27 Dec 2011

I recently read the book the “Checklist Manifesto” by Atul Gawande In the book Atul describes how by creating and using checklists of common tasks.....

Blog

10 Nov 2011

I have spent the past few days at the PFIC conference in Utah, it was a blast, except for the .....

Blog

8 Nov 2011

A common question those seeking to enter the field of digital forensics ask is what do I need to .....

Blog

4 Nov 2011

It still amazes me that after all this time there is still more to learn about NTFS. Over the past year or so David has been working on a.....

DFIROnline

20 Mar 2013

Dave has years of experience working with windows forensics and security, he is also the author of a plethora of books (more here: http://www.amazon.com/s/ref=nb_ss_gw/........

DFIROnline

16 Feb 2013

A recording of the January DFIROnline meetup with Michael Cohen of Google .....

DFIROnline

17 Jan 2013

Android powered phones dominate the mobile phone market, and Android powered devices, such as tablets, E-readers, and netbooks, have substantial.....

DFIROnline

14 Dec 2012

I was lucky enough to attend the Open Source Digital Forensic conference last month and had the chance to see a bunch of new tools being.....

DFIROnline

17 Oct 2012

Back by popular demand (and this time not from hospital) Dave took us through the various log files on Microsoft Windows systems (you did know.....

DFIROnline

19 Sep 2012

For those of you who do not know Detective Cindy Murphy of the Madison Police Department is bit of a legend in the DFIR field. In.....

DFIROnline

15 Aug 2012

Vee joined in from South Africa, where it was 2am in the morning and presented the results of her analysis of Frostwire, something she deals with regularly.....

DFIROnline

18 Jul 2012

The MMA challenge was run by Alissa and Nik at CEIC this year and was the best session I attended. The most interesting part was that.....

DFIROnline

18 Jul 2012

This was a joint NY4sec & DFIROnline meetup, streamed live from John Jay College NY. There were a few microphone issues so the audio may fade.....

DFIROnline

18 Jun 2012

This meetup was part of a joint effort between DFIROnline and NY4Sec Jon was displayed on the big screen to folks at the NY4Sec meetup......

DFIROnline

18 Jun 2012

Jesse is a Computer Forensics Research Guru with Kyrus Technology. The best investigation is useless unless you can convey your results. There are.....

DFIROnline

16 May 2012

This all started with Adam from hexacorn (http://www.hexacorn.com/ ) asking some questions about a WD mybook on the win4n6 mailing list......

DFIROnline

16 May 2012

This was the first special request presentation, Willi originally presented this at NYC4SEC, it received lots of positive response and he.....

DFIROnline

2 May 2012

Meila Kelley is the famous Girl Unallocated here she presents a case experience where a user tried to cover their tracks using CCleaner, which.....

DFIROnline

18 Apr 2012

This is my favourite presentation so far. Kevin runs a data recovery business and takes us inside his home lab to show how things are.....

DFIROnline

18 Apr 2012

At the beginning of this month I was thinking that the schedule for DFIROnline was looking a .....

DFIROnline

16 Apr 2012

This is a great presentation, from Hal of Deer Run Associates ( http://deer-run.com/ ), Hal is a long time Linux user (and SANS instructor)......

DFIROnline

14 Mar 2012

Harlan introduced how to process VSC's in December now Corey looks at exactly how we can get the most value from this valuable resource......

DFIROnline

14 Mar 2012

Jon is a fellow professor at Champlain College, here he gives an introduction to encryption, with lots of hands on practical exercises. You.....

DFIROnline

15 Feb 2012

Peter and John work for D4 Discovery ( http://www.d4discovery.com/ ) and in this presentation review an data theft case they were involved.....

DFIROnline

15 Feb 2012

If you have any experience with digital forensics you will know that Harlan is a legend when it comes to windows analysis. In this session.....

DFIROnline

18 Jan 2012

Eric Huber (author of the award winning A Fistful of Dongles blog) gives an overview of APT and why it is important for businesses.....

DFIROnline

18 Jan 2012

I think the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we .....

DFIROnline

18 Jan 2012

So after last night’s meetup I have a few thoughts on what went well and what did not. .....

DFIROnline

15 Dec 2011

So after one week I have got around to checking out the survey results. 68% of respondents went .....

DFIROnline

18 Nov 2011

At PFIC I was talking to Harlan Carvey about his NoVA meetups and how great they sounded. When I got home from PFIC it occurred to me that I have an online.....

DFIROnline

11 Nov 2011

This is a selection of some tools, cheatsheets and presentations I have developed over the years. .....

Resources

30 Oct 2020

I started this website back in 2011 when I was the Program Director of the Graduate Digital Forensic Programs at Champlain College, which I joined in August.....

About

30 Oct 2020

During the few years when I was first running this blog I tried a number of content management systems, including Joomla, Wordpress and Drupal. While they.....

About

30 Oct 2020

Your privacy is respected, as a moderately paranoid (well some would say terminally paranoid) individual I hate providing anyone with my personal information......

About

30 Oct 2020