My 2022 Forensic 4:Cast Nominations



Since Forensic 4:Cast has now opened up their nominations early, I wanted to go ahead and post my own nominations for calendar year 2021. I’ll also be sharing these to Twitter throughout the month of December as well (see below):

Nominations can be placed by clicking HERE. Nominations close May 1st, 2022 so be sure to get your nominations in before then!

DFIR Commercial Tool of the Year

Magnet Axiom

Not only did Magnet close a $115 million dollar initial public offering earlier this year, but they also added a great deal of features to their already impressive Magnet Axiom suite of tools. In addition to their acquisition of DME Forensics & their software tool DVR Examiner and you have a strong suite of commerical tools under the Magnet Axiom umbrella. Add in a great group of people behind the software behind this tool it’s pretty much an easy decision here.

DFIR Non-Commercial Tool of the Year


If you’re doing mobile forensics and haven’t downloaded & utilized Alexis Brignoni’s xLEAPP parsers stop what you are doing, download, and give it a spin. Brig’s (along with a host of great community contributors), is constantly updating and adding new features to this tool. xLEAPP includes parsers for iOS, Android, return logs, and even vehicles! In addition to the scripts/parsers being customizable due to their open-sourcing, and Brigs just being an all-around great guy makes xLEAPP worthy of a nomination.

DFIR Show of the Year

Joshua James has been working tirelessly to publish videos and other content that benefits both seasoned and newbie examiners. His short, yet infomrative videos are nice little refreshers on tools, techniques, and software that you might not have known about and/or put on the back shelf for quite a while. I know personally I’ve learned a lot from the videos, so I encourage you to take advantage of this resource as well. This was an easy nomination for me.

DFIR Blog of the Year

This Week in 4n6

I don’t think Phill Moore gets enough credit for the amount of time and effort he puts into this resource–hence my nomination. This Week in 4n6 is a collection of everything that happens on a weekly basis in the Digital Forensics and Incident Response community. Each week Phill collates the latest blog posts, podcasts, tool releases and updates, and links to conference presentations and journal articles relating to digital forensics, incident response, threat hunting, and malware reversing. If you aren’t following already I’d definitely recommend adding it to your weekly reading list.

DFIR Book of the Year

Practical Linux Forensics by: Bruce Nikkel

Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems that have been misused, abused, or the target of malicious attacks. This essential practitioner’s guide will show you how to locate and interpret digital evidence found on Linux desktops, servers, and IoT devices, draw logical conclusions, and reconstruct timelines of past activity after a crime or security incident. It’s a book written for investigators with varying levels of Linux experience, and the techniques shown are independent of the forensic analysis platform and tools used.

DFIR Article of Year

Writing DFIR Reports-A Primer by: Josh Brunty

I know I know… It’s very self-centered, lame, and not-so-humble of me to nominate myself for article of the year. However, myself and a lot of other people in the DFIR community put a great deal of effort in putting together this article and resource to take advantage of. Even if I hadn’t written it myself I still would have nominated this as I feel it’s a valuable contribution to the DFIR community for 2021. THe original blog post (which has more resources than the Forensic Focus article) can be found HERE.

DFIR Social Media Contributor of the Year

Heather Mahalik

Heather has worked hard this past year on social media to create a positive light for DFIR. Whether it be sharing content on Twitter, hosting the SANS DFIR Summit, or sharing informative videos via Cellebrite (sometimes doing all 3 at once!!) Heather does a great job in getting knowledge out to the masses. She also hosts a great podcast in Life Has No Ctrl+Alt+Delete that you should add to your podcast list if you haven’t already done so.

DFIR Degree Program or Training Class of the Year

Marshall University’s Cyber Forensics Program

There are some really great programs out there, but being a Marshall graduate myself (undergrad & grad) I definitely take every opportunity to highlight my alma mater and what they’ve done for me and my career path. If you’ve worked in DFIR long enough you’ve probably worked alongside a Marshall University graduate. Chances are that Marshall alum was a good, reliable coworker and there’s a reason behind that. Most Marshall students work hard in their 2, 4, or 6 years here to earn their degree, and take that work ethic with them into the workplace. I know you say it’s self-serving to nominate a program that you teach in. However, I have worked with these students everyday for the past 10 years and can say with confidence that you will find no better talent & people than what is coming from Marshall University.

Most Valuable Threat Intel Contribution

Red Canary

I don’t work in the threat intel space so I don’t really have much to offer here. However, if I had to pick a group that was producing useful threat intel content I’d have to choose the folks at Red Canary.

DFIR CTF / Challenge of the Year

Cellebrite CTF

Although Cellebrite & Heather will not admit it, they totally modeled the avatar/logo after me (The resemblance is obvious)–I’m kidding. On a serious not though Cellebrite put together a great comprehensive CTF this year that is worthy of a nomination.

DFIR Groundbreaking Research of the Year


In addition to publishing and updating great tools in XLEAPP, Brigs (and others in the DFIR Community) also work hard to research the artifacts that the tool processes. Sometimes, even researching and adding new content to parse over the course of a single day. In my opinion, that’s worthy of this nomination.

DFIR Newcomer of the Year

Fielders Choice

I seriously do not have a name to offer up here, and didn’t want to just list out someone for the sake of filling in a category. If there is someone worhty of being added to newcomer of the year please let me know and I’ll add them to this category

DFIR Mentor of the Year


I can’t say enough great things about DFIRDiva (Elan Wright) and what she has done for the DFIR Community over the past year. Not only does she provide great resources to those new to the DFIR field, she is a also a great mentor to those underrepresented in the field. She inspires the women in the program I teach in, which is great to see. If you don’t follow her already I’d definitely add her to your list.

DFIR Resource of the Year


Most will recognize 13Cubed from their YouTube channel, which produces a wide range of content covering Digital Forensics and Incident Response (DFIR), as well as other security-related topics. If you haven’t added them to your weekly Podcast/video/RSS list, I’d highly recommend doing so.

DFIR Team of the Year


Producing tons of great instructional video content, a super awesome CTF earlier this year, and bringing in a great group of people to do so makes me tip my nomination hat to the the team at Cellebrite. They deserve it most definitely this year.

Digital Forensic Investigator of the Year

Jessica Hyde

I could have easily nominated Jessica for Mentor of the Year (and vice versa with DFIRDiva). However, Jessica has worked hard this year to share content and be a positive light for the digital forensics community through all that she does. That, in my opinion, is enough for a nomination.


That wraps that up. Don’t forget to nominate (and vote in May)!