Validation of Forensic Tools- A Quick Guide for the DFIR Examiner

Prologue Still need to write one up Introduction With the field of digital forensics growing at an almost warp-like speed, there are many issues out there that can disrupt and discredit even the most experienced forensic examiner. One of the issues that continue to be of utmost importance is the validation of the technology and software associ...


Writing DFIR Reports- A Primer

Prologue “How do I write a good DFIR report?” -Literally Everyone at some point You wouldn’t believe how many times that question gets asked out of me here at Marshall University (and sometimes in the DFIR community). Year after year I’ve given the same answer: a list full of outdated links and a verbal “laundry list” collection of tidbits a...


Base64- A Forensic Introduction

Prologue Although a digital forensic examiner may encounter many different encoding schemes in their daily casework, one of the most popular is that of Base64. Base64 is often applied to data being transported from one system to another, and is a popular encoding format because it ensures that a device (and its associated operating system) at t...
