Filegen - file generator for tool testing

One of my students is currently researching data recovery on solid state drives. Part of the In this case the objective was to be able to determine.....


12 Apr 2013

Resources for learning python for forensics

This is just a small collection of some of the resources that are available if you are interested in learning python. It is not intended to be a.....


11 Apr 2013

Updated filesystem cheat sheets

At PFIC last year I ran a workshop on the analysis of NTFS and handed out some cheat sheets I made for examining NTFS in a hex editor. I have been using.....


26 Aug 2012

4096 byte sector drives, NTFS and forensic tools

One of the topics that came up during Kevin Ripa's DFIROnline presentation was the concept of 4k sectors, or really sectors larger than 512 bytes......


24 May 2012

New Website and a new resource

I have transferred to a new hosting provider and made a few upgrades to the website. The most So after a little bit of work I have created the DFIR.....


1 Mar 2012

DFIROnline Meetup review

Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both.....


17 Jan 2012

Free non-forensic windows programs for forensics and thanks.

Over the past couple of days Harlan has been talking about people contributing to the DFIR .....


27 Dec 2011

The beauty of forms

I recently read the book the “Checklist Manifesto” by Atul Gawande In the book Atul describes how by creating and using checklists of common tasks.....


10 Nov 2011


I have spent the past few days at the PFIC conference in Utah, it was a blast, except for the .....


8 Nov 2011

What makes a good forensicator? or how to get a job in Digital Forensics

A common question those seeking to enter the field of digital forensics ask is what do I need to .....


4 Nov 2011