Filegen - file generator for tool testing

One of my students is currently researching data recovery on solid state drives. Part of the In this case the objective was to be able to determine.....

Blog

12 Apr 2013

Resources for learning python for forensics

This is just a small collection of some of the resources that are available if you are interested in learning python. It is not intended to be a.....

Blog

11 Apr 2013

Updated filesystem cheat sheets

At PFIC last year I ran a workshop on the analysis of NTFS and handed out some cheat sheets I made for examining NTFS in a hex editor. I have been using.....

Blog

26 Aug 2012

4096 byte sector drives, NTFS and forensic tools

One of the topics that came up during Kevin Ripa's DFIROnline presentation was the concept of 4k sectors, or really sectors larger than 512 bytes......

Blog

24 May 2012

New Website and a new resource

I have transferred to a new hosting provider and made a few upgrades to the website. The most So after a little bit of work I have created the DFIR.....

Blog

1 Mar 2012

DFIROnline Meetup review

Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both.....

Blog

17 Jan 2012

Free non-forensic windows programs for forensics and thanks.

Over the past couple of days Harlan has been talking about people contributing to the DFIR .....

Blog

27 Dec 2011

The beauty of forms

I recently read the book the “Checklist Manifesto” by Atul Gawande. In the book Atul describes how by creating and using checklists of common tasks.....

Blog

10 Nov 2011

PFIC

I have spent the past few days at the PFIC conference in Utah, it was a blast, except for the .....

Blog

8 Nov 2011

What makes a good forensicator? or how to get a job in Digital Forensics

A common question those seeking to enter the field of digital forensics ask is what do I need to .....

Blog

4 Nov 2011

NTFS Triforce or anti anti forensics, David Cowen & Matt Seyer

It still amazes me that after all this time there is still more to learn about NTFS. Over the past year or so David has been working on a.....

DFIROnline

20 Mar 2013

Microsoft log parser & other tips & tricks for windows exams - Dave Kleiman

Dave has years of experience working with windows forensics and security, he is also the author of a plethora of books (more here: http://www.amazon.com/s/ref=nb_ss_gw/........

DFIROnline

16 Feb 2013

DFIROnline- Memory Forensics with Michael Cohen

A recording of the January DFIROnline meetup with Michael Cohen of Google .....

DFIROnline

17 Jan 2013

Android Forensics with volatility and LiME - Andrew Case

Android powered phones dominate the mobile phone market, and Android powered devices, such as tablets, E-readers, and netbooks, have substantial.....

DFIROnline

14 Dec 2012

Digital forensic tool demos - GRR, L2T Review, libvshadow, libevtx & TAPEWORM

I was lucky enough to attend the Open Source Digital Forensic conference last month and had the chance to see a bunch of new tools being.....

DFIROnline

17 Oct 2012

Windows Log File Analysis in depth, Dave Kleiman

Back by popular demand (and this time not from hospital) Dave took us through the various log files on Microsoft Windows systems (you did know.....

DFIROnline

19 Sep 2012

Forensic Story: The Odyssey of Mitra - A Modern Geek Tragedy - Cindy Murphy

For those of you who do not know, Detective Cindy Murphy of the Madison Police Department is a bit of a legend in the DFIR field. In.....

DFIROnline

15 Aug 2012

Frostwire analysis - Veronica Schmitt

Vee joined in from South Africa, where it was 2am in the morning and presented the results of her analysis of Frostwire, something she deals with regularly.....

DFIROnline

18 Jul 2012

Incident Response Takeaways from the MMA Challenge - Alissa Torres & Nik Roby

The MMA challenge was run by Alissa and Nik at CEIC this year and was the best session I attended. The most interesting part was that.....

DFIROnline

18 Jul 2012

An introduction to file carving - Mike Wilkinson

This was a joint NY4sec & DFIROnline meetup, streamed live from John Jay College NY. There were a few microphone issues so the audio may fade.....

DFIROnline

18 Jun 2012

What is it really like to be a digital forensic analyst? - Jon Williams

This meetup was part of a joint effort between DFIROnline and NY4Sec. Jon was displayed on the big screen to folks at the NY4Sec meetup......

DFIROnline

18 Jun 2012

Forensic Storytelling - Jesse Kornblum

Jesse is a Computer Forensics Research Guru with Kyrus Technology. The best investigation is useless unless you can convey your results. There are.....

DFIROnline

16 May 2012

The challenges of storage devices using 4096 byte sectors - Mike Wilkinson

This all started with Adam from hexacorn (http://www.hexacorn.com/ ) asking some questions about a WD mybook on the win4n6 mailing list......

DFIROnline

16 May 2012

Getting to know your NTFS INDX Records - Willi Ballenthin

This was the first special request presentation, Willi originally presented this at NYC4SEC, it received lots of positive response and he.....

DFIROnline

2 May 2012

Case Experience: Data spoliation with CCleaner. - Girl Unallocated

Meila Kelley is the famous Girl Unallocated. Here she presents a case experience where a user tried to cover their tracks using CCleaner, which.....

DFIROnline

18 Apr 2012

Data Recovery and Its Role in Computer Forensics - Kevin Ripa

This is my favourite presentation so far. Kevin runs a data recovery business and takes us inside his home lab to show how things are.....

DFIROnline

18 Apr 2012

DFIROnline Updates

At the beginning of this month I was thinking that the schedule for DFIROnline was looking a .....

DFIROnline

16 Apr 2012

Linux Forensics for non Linux users - Hal Pomeranz

This is a great presentation, from Hal of Deer Run Associates ( http://deer-run.com/ ), Hal is a long time Linux user (and SANS instructor)......

DFIROnline

14 Mar 2012

Ripping Volume Shadow Copies - Tracking User Activity - Corey Harrell

Harlan introduced how to process VSCs in December; now Corey looks at exactly how we can get the most value from this valuable resource......

DFIROnline

14 Mar 2012

A gentle introduction to cryptography - Jon Rajewski

Jon is a fellow professor at Champlain College, here he gives an introduction to encryption, with lots of hands on practical exercises. You.....

DFIROnline

15 Feb 2012

Case studies in eDiscovery. - Peter Coons & John Clingerman

Peter and John work for D4 Discovery ( http://www.d4discovery.com/ ) and in this presentation review a data theft case they were involved.....

DFIROnline

15 Feb 2012

Malware Detection with an acquired image, by Harlan Carvey

If you have any experience with digital forensics you will know that Harlan is a legend when it comes to windows analysis. In this session.....

DFIROnline

18 Jan 2012

The Advanced Persistent Threat or: How I Learned to Stop Worrying and Love DFIR - Eric Huber

Eric Huber (author of the award winning A Fistful of Dongles blog) gives an overview of APT and why it is important for businesses.....

DFIROnline

18 Jan 2012

DFIROnline Meetup review

I think the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we .....

DFIROnline

18 Jan 2012

Thoughts about last night

So after last night’s meetup I have a few thoughts on what went well and what did not. .....

DFIROnline

15 Dec 2011

Online meetup survey results

So after one week I have got around to checking out the survey results. 68% of respondents went .....

DFIROnline

18 Nov 2011

Online DFIR meetups

At PFIC I was talking to Harlan Carvey about his NoVA meetups and how great they sounded. When I got home from PFIC it occurred to me that I have an online.....

DFIROnline

11 Nov 2011

Resources

This is a selection of some tools, cheatsheets and presentations I have developed over the years. .....

Resources

30 Oct 2020

About Writeblocked

I started this website back in 2011 when I was the Program Director of the Graduate Digital Forensic Programs at Champlain College, which I joined in August.....

About

30 Oct 2020

About the platform

During the few years when I was first running this blog I tried a number of content management systems, including Joomla, Wordpress and Drupal. While they.....

About

30 Oct 2020

Writeblocked/DFIROnline Privacy Policy

Your privacy is respected, as a moderately paranoid (well some would say terminally paranoid) individual I hate providing anyone with my personal information......

About

30 Oct 2020