NTFS Triforce or anti anti forensics, David Cowen & Matt Seyer

It still amazes me that after all this time there is still more to learn about NTFS. Over the past year or so David has been working on a.....

DFIROnline

20 Mar 2013

Microsoft log parser & other tips & tricks for windows exams - Dave Kleiman

Dave has years of experience working with Windows forensics and security; he is also the author of a plethora of books (more here: http://www.amazon.com/s/ref=nb_ss_gw/........

DFIROnline

16 Feb 2013

DFIROnline- Memory Forensics with Michael Cohen

A recording of the January DFIROnline meetup with Michael Cohen of Google .....

DFIROnline

17 Jan 2013

Android Forensics with volatility and LiME - Andrew Case

Android powered phones dominate the mobile phone market, and Android powered devices, such as tablets, E-readers, and netbooks, have substantial.....

DFIROnline

14 Dec 2012

Digital forensic tool demos - GRR, L2T Review, libvshadow, libevtx & TAPEWORM

I was lucky enough to attend the Open Source Digital Forensic conference last month and had the chance to see a bunch of new tools being.....

DFIROnline

17 Oct 2012

Windows Log File Analysis in depth, Dave Kleiman

Back by popular demand (and this time not from hospital) Dave took us through the various log files on Microsoft Windows systems (you did know.....

DFIROnline

19 Sep 2012

Forensic Story: The Odyssey of Mitra - A Modern Geek Tragedy - Cindy Murphy

For those of you who do not know, Detective Cindy Murphy of the Madison Police Department is a bit of a legend in the DFIR field. In.....

DFIROnline

15 Aug 2012

Frostwire analysis - Veronica Schmitt

Vee joined in from South Africa, where it was 2am in the morning and presented the results of her analysis of Frostwire, something she deals with regularly.....

DFIROnline

18 Jul 2012

Incident Response Takeaways from the MMA Challenge - Alissa Torres & Nik Roby

The MMA challenge was run by Alissa and Nik at CEIC this year and was the best session I attended. The most interesting part was that.....

DFIROnline

18 Jul 2012

An introduction to file carving - Mike Wilkinson

This was a joint NY4sec & DFIROnline meetup, streamed live from John Jay College NY. There were a few microphone issues so the audio may fade.....

DFIROnline

18 Jun 2012

What is it really like to be a digital forensic analyst? - Jon Williams

This meetup was part of a joint effort between DFIROnline and NY4Sec. Jon was displayed on the big screen to folks at the NY4Sec meetup......

DFIROnline

18 Jun 2012

Forensic Storytelling - Jesse Kornblum

Jesse is a Computer Forensics Research Guru with Kyrus Technology. The best investigation is useless unless you can convey your results. There are.....

DFIROnline

16 May 2012

The challenges of storage devices using 4096 byte sectors - Mike Wilkinson

This all started with Adam from hexacorn (http://www.hexacorn.com/ ) asking some questions about a WD mybook on the win4n6 mailing list......

DFIROnline

16 May 2012

Getting to know your NTFS INDX Records - Willi Ballenthin

This was the first special request presentation. Willi originally presented this at NYC4SEC; it received lots of positive response and he.....

DFIROnline

2 May 2012

Case Experience: Data spoliation with CCleaner. - Girl Unallocated

Meila Kelley is the famous Girl Unallocated; here she presents a case experience where a user tried to cover their tracks using CCleaner, which.....

DFIROnline

18 Apr 2012

Data Recovery and Its Role in Computer Forensics - Kevin Ripa

This is my favourite presentation so far. Kevin runs a data recovery business and takes us inside his home lab to show how things are.....

DFIROnline

18 Apr 2012

DFIROnline Updates

At the beginning of this month I was thinking that the schedule for DFIROnline was looking a .....

DFIROnline

16 Apr 2012

Linux Forensics for non Linux users - Hal Pomeranz

This is a great presentation from Hal of Deer Run Associates ( http://deer-run.com/ ). Hal is a long-time Linux user (and SANS instructor)......

DFIROnline

14 Mar 2012

Ripping Volume Shadow Copies - Tracking User Activity - Corey Harrell

Harlan introduced how to process VSCs in December; now Corey looks at exactly how we can get the most value from this valuable resource......

DFIROnline

14 Mar 2012

A gentle introduction to cryptography - Jon Rajewski

Jon is a fellow professor at Champlain College, here he gives an introduction to encryption, with lots of hands on practical exercises. You.....

DFIROnline

15 Feb 2012

Case studies in eDiscovery. - Peter Coons & John Clingerman

Peter and John work for D4 Discovery ( http://www.d4discovery.com/ ) and in this presentation review a data theft case they were involved.....

DFIROnline

15 Feb 2012

Malware Detection with an acquired image, by Harlan Carvey

If you have any experience with digital forensics you will know that Harlan is a legend when it comes to Windows analysis. In this session.....

DFIROnline

18 Jan 2012

The Advanced Persistent Threat or: How I Learned to Stop Worrying and Love DFIR - Eric Huber

Eric Huber (author of the award winning A Fistful of Dongles blog) gives an overview of APT and why it is important for businesses.....

DFIROnline

18 Jan 2012

DFIROnline Meetup review

I think the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we .....

DFIROnline

18 Jan 2012

Thoughts about last night

So after last night’s meetup I have a few thoughts on what went well and what did not. .....

DFIROnline

15 Dec 2011

Online meetup survey results

So after one week I have got around to checking out the survey results. 68% of respondents went .....

DFIROnline

18 Nov 2011

Online DFIR meetups

At PFIC I was talking to Harlan Carvey about his NoVA meetups and how great they sounded. When I got home from PFIC it occurred to me that I have an online.....

DFIROnline

11 Nov 2011