Filegen - file generator for tool testing
One of my students is currently researching data recovery on solid state drives. Part of the In this case the objective was to be able to determine.....
Blog
12 Apr 2013
Resources for learning python for forensics
This is just a small collection of some of the resources that are available if you are interested in learning python. It is not intended to be a.....
Blog
11 Apr 2013
Updated filesystem cheat sheets
At PFIC last year I ran a workshop on the analysis of NTFS and handed out some cheat sheets I made for examining NTFS in a hex editor. I have been using.....
Blog
26 Aug 2012
4096 byte sector drives, NTFS and forensic tools
One of the topics that came up during Kevin Ripa's DFIROnline presentation was the concept of 4k sectors, or really sectors larger than 512 bytes......
Blog
24 May 2012
New Website and a new resource
I have transferred to a new hosting provider and made a few upgrades to the website. The most So after a little bit of work I have created the DFIR.....
Blog
1 Mar 2012
DFIROnline Meetup review
Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both.....
Blog
17 Jan 2012
Free non-forensic Windows programs for forensics and thanks.
Over the past couple of days Harlan has been talking about people contributing to the DFIR .....
Blog
27 Dec 2011
The beauty of forms
I recently read the book the “Checklist Manifesto” by Atul Gawande. In the book Atul describes how by creating and using checklists of common tasks.....
Blog
10 Nov 2011
PFIC
I have spent the past few days at the PFIC conference in Utah. It was a blast, except for the .....
Blog
8 Nov 2011
What makes a good forensicator? or how to get a job in Digital Forensics
A common question those seeking to enter the field of digital forensics ask is what do I need to .....
Blog
4 Nov 2011
NTFS Triforce or anti anti forensics, David Cowen & Matt Seyer
It still amazes me that after all this time there is still more to learn about NTFS. Over the past year or so David has been working on a.....
DFIROnline
20 Mar 2013
Microsoft log parser & other tips & tricks for Windows exams - Dave Kleiman
Dave has years of experience working with Windows forensics and security; he is also the author of a plethora of books (more here: http://www.amazon.com/s/ref=nb_ss_gw/........
DFIROnline
16 Feb 2013
DFIROnline- Memory Forensics with Michael Cohen
A recording of the January DFIROnline meetup with Michael Cohen of Google .....
DFIROnline
17 Jan 2013
Android Forensics with volatility and LiME - Andrew Case
Android powered phones dominate the mobile phone market, and Android powered devices, such as tablets, E-readers, and netbooks, have substantial.....
DFIROnline
14 Dec 2012
Digital forensic tool demos - GRR, L2T Review, libvshadow, libevtx & TAPEWORM
I was lucky enough to attend the Open Source Digital Forensic conference last month and had the chance to see a bunch of new tools being.....
DFIROnline
17 Oct 2012
Windows Log File Analysis in depth, Dave Kleiman
Back by popular demand (and this time not from hospital) Dave took us through the various log files on Microsoft Windows systems (you did know.....
DFIROnline
19 Sep 2012
Forensic Story: The Odyssey of Mitra - A Modern Geek Tragedy - Cindy Murphy
For those of you who do not know, Detective Cindy Murphy of the Madison Police Department is a bit of a legend in the DFIR field. In.....
DFIROnline
15 Aug 2012
Frostwire analysis - Veronica Schmitt
Vee joined in from South Africa, where it was 2am, and presented the results of her analysis of Frostwire, something she deals with regularly.....
DFIROnline
18 Jul 2012
Incident Response Takeaways from the MMA Challenge - Alissa Torres & Nik Roby
The MMA challenge was run by Alissa and Nik at CEIC this year and was the best session I attended. The most interesting part was that.....
DFIROnline
18 Jul 2012
An introduction to file carving - Mike Wilkinson
This was a joint NY4sec & DFIROnline meetup, streamed live from John Jay College NY. There were a few microphone issues so the audio may fade.....
DFIROnline
18 Jun 2012
What is it really like to be a digital forensic analyst? - Jon Williams
This meetup was part of a joint effort between DFIROnline and NY4Sec. Jon was displayed on the big screen to folks at the NY4Sec meetup......
DFIROnline
18 Jun 2012
Forensic Storytelling - Jesse Kornblum
Jesse is a Computer Forensics Research Guru with Kyrus Technology. The best investigation is useless unless you can convey your results. There are.....
DFIROnline
16 May 2012
The challenges of storage devices using 4096 byte sectors - Mike Wilkinson
This all started with Adam from hexacorn (http://www.hexacorn.com/ ) asking some questions about a WD mybook on the win4n6 mailing list......
DFIROnline
16 May 2012
Getting to know your NTFS INDX Records - Willi Ballenthin
This was the first special request presentation. Willi originally presented this at NYC4SEC, where it received lots of positive response, and he.....
DFIROnline
2 May 2012
Case Experience: Data spoliation with CCleaner. - Girl Unallocated
Meila Kelley is the famous Girl Unallocated; here she presents a case experience where a user tried to cover their tracks using CCleaner, which.....
DFIROnline
18 Apr 2012
Data Recovery and Its Role in Computer Forensics - Kevin Ripa
This is my favourite presentation so far. Kevin runs a data recovery business and takes us inside his home lab to show how things are.....
DFIROnline
18 Apr 2012
DFIROnline Updates
At the beginning of this month I was thinking that the schedule for DFIROnline was looking a .....
DFIROnline
16 Apr 2012
Linux Forensics for non Linux users - Hal Pomeranz
This is a great presentation from Hal of Deer Run Associates ( http://deer-run.com/ ). Hal is a long-time Linux user (and SANS instructor)......
DFIROnline
14 Mar 2012
Ripping Volume Shadow Copies - Tracking User Activity - Corey Harrell
Harlan introduced how to process VSCs in December; now Corey looks at exactly how we can get the most value from this valuable resource......
DFIROnline
14 Mar 2012
A gentle introduction to cryptography - Jon Rajewski
Jon is a fellow professor at Champlain College; here he gives an introduction to encryption, with lots of hands-on practical exercises. You.....
DFIROnline
15 Feb 2012
Case studies in eDiscovery. - Peter Coons & John Clingerman
Peter and John work for D4 Discovery ( http://www.d4discovery.com/ ) and in this presentation review a data theft case they were involved.....
DFIROnline
15 Feb 2012
Malware Detection with an acquired image, by Harlan Carvey
If you have any experience with digital forensics you will know that Harlan is a legend when it comes to Windows analysis. In this session.....
DFIROnline
18 Jan 2012
The Advanced Persistent Threat or: How I Learned to Stop Worrying and Love DFIR - Eric Huber
Eric Huber (author of the award winning A Fistful of Dongles blog) gives an overview of APT and why it is important for businesses.....
DFIROnline
18 Jan 2012
DFIROnline Meetup review
I think the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we .....
DFIROnline
18 Jan 2012
Thoughts about last night
So after last night’s meetup I have a few thoughts on what went well and what did not. .....
DFIROnline
15 Dec 2011
Online meetup survey results
So after one week I have got around to checking out the survey results. 68% of respondents went .....
DFIROnline
18 Nov 2011
Online DFIR meetups
At PFIC I was talking to Harlan Carvey about his NoVA meetups and how great they sounded. When I got home from PFIC it occurred to me that I have an online.....
DFIROnline
11 Nov 2011
Resources
This is a selection of some tools, cheatsheets and presentations I have developed over the years. .....
Resources
30 Oct 2020
About Writeblocked
I started this website back in 2011 when I was the Program Director of the Graduate Digital Forensic Programs at Champlain College, which I joined in August.....
About
30 Oct 2020
About the platform
During the few years when I was first running this blog I tried a number of content management systems, including Joomla, Wordpress and Drupal. While they.....
About
30 Oct 2020
Writeblocked/DFIROnline Privacy Policy
Your privacy is respected, as a moderately paranoid (well some would say terminally paranoid) individual I hate providing anyone with my personal information......
About
30 Oct 2020