Writing DFIR Reports- A Primer

Prologue “How do I write a good DFIR report?” -Literally Everyone at some point You wouldn’t believe how many times that question gets asked out of me here at Marshall University (and sometimes in the DFIR community). Year after year I’ve given the same answer: a list full of outdated links and a verbal “laundry list” collection of tidbits a...

Read more

Base64- A Forensic Introduction

Prologue Although a digital forensic examiner may encounter many different encoding schemes in their daily casework, one of the most popular is that of Base64. Base64 is often applied to data being transported from one system to another, and is a popular encoding format because it ensures that a device (and it’s associated oeprating system) at t...

Read more