Hello and Welcome to my Blog!

I entered the DFIR field in May of 2019 and created this site to document the resources I use as I learn and grow in DFIR. I’m hoping it will help others who are interested in the field or who are also just getting started. Under DFIR Resources, you will find books, training, webinars, videos, and other resources that I have found to be helpful. I also use Facebook and Twitter to share resources I come across. This is a personal blog and all views are my own.

My Experience With the SANS FOR500 Course and the GCFE Exam

After years of getting their course catalogs in the mail, I was very excited to finally be able to take a SANS course after landing my job in the DFIR field. I love to learn. I even like taking certification exams, but for the first time while studying for a certification (I already had 9 of them), I lost all focus and motivation for a while. I took the FOR500 OnDemand course with Rob Lee as the instructor. He was great! You get 4 months to complete the training and take the exam. The course started on March 20th and...

DFIR Related Events for Beginners – August, 2020

A list of Digital Forensics and Incident Response related events and training that may be of interest to students/beginners for the month of August. All events listed are virtual.
August 4th: Panoply (Free for Black Hat attendees) “Panoply is an network assessment/defense competition combined into a single event.” You can register HERE.
August 5th: Susteen’s Digital Forensics Industry Day (Free) “Sign up for individual sessions, multiple sessions or an entire session track! Attendees will earn challenge pins for each session attended.” You can register here: https://datapilot.com/digital-forensic-industry-day/
August 5th and 6th: Black Hat (The Business Pass is Free). A Business Pass...

DFIR Related Events for Beginners – July 2020

A list of Digital Forensics and Incident Response related events and training that may be of interest to students/beginners for the month of July.
July 1st, 8th, 15th: Attack Detection Fundamentals (F-Secure) Free and Virtual “Our consultants will refer to live attack examples (like Emotet), explain how each detection technique is effective against different attacks, and map detection techniques to the cyber kill chain. Expect hands-on demonstrations that you can start using straight away.” The first workshop already happened, but you can view the accompanying lab and the video in the Tweet below. Go HERE to register.
July 2nd: BSides TLV Free and Virtual. Includes...

DFIR Related Events for Beginners – June, 2020

A list of Digital Forensics and Incident Response related events and training that may be of interest to students/beginners for the month of June.
June 2nd: Cache Up This is weekly starting June 2nd on YouTube Live. Go here for more information: https://www.magnetforensics.com/blog/magnet-forensics-presents-cache-up/
June 3rd – 5th: DFRWS Virtual Conference This is a paid Digital Forensics conference. For more information and to register, go here: https://events.eventzilla.net/e/dfrws-virtual-europe-2020-2138771086
June 3rd: Join Us for a Chat About DFIR You can sign up here: https://cybersocialhub.com/dfir-mixology/
June 4-5th: SANS DFIR NetWars If you registered for a SANS class between March, 2020 and now, you are...

How to Incorporate Home Lab Experience into Your Resume

Someone asked me an excellent question yesterday about how to go about framing home lab experience into professional experience. I thought I could explain it best in a blog post with examples, so here it goes… A decade prior to entering the DFIR field, I was in technical support for about a year. I then moved to a very non-technical Identity & Access Management role for several years (think Excel spreadsheets all day long). Most of my technical experience was from what I did in my home lab. Keep in mind, I am by no means a resume expert, but...

DFIR Related Events for Beginners – May, 2020

A list of Digital Forensics and Incident Response related events and training that may be of interest to students/beginners for the month of May.
May 4th – May 16th: NW3C CTF The competition will run from Monday, May 4th 2:00 PM EDT (6:00 PM UTC) until Saturday, May 16th 1:59 PM EDT (5:59 PM UTC). The user who achieves the highest point total during the two week competition will be crowned the victor!
May 4th – May 29th: Magnet Forensics Virtual Summit. Magnet Forensics is hosting a free virtual DFIR summit that starts on May 4th and goes throughout the month...

DFIR Related Events for Beginners – April, 2020

A list of Digital Forensics and Incident Response related events and training that may be of interest to students/beginners for the month of April. As a result of the idea to make a monthly list of DFIR related events for beginners just now popping into my head, the April edition is for the end of April. I will start doing this at the beginning of each month.
April 20, 2020: NW3C Capture The Flag Challenge. “The competition will run from Monday, April 20th 2:00 PM EDT (6:00 PM UTC) until Saturday, May 2nd 1:59 PM EDT (5:59 PM UTC). The user...

How Your Home Lab Can Help Fight COVID-19

I was scrolling through Twitter a few days ago when I saw a couple Tweets about Folding@home. Having never heard of it before, I went to their website to see what it was all about. This is a quote from their website: “While you keep going with your everyday activities, your computer will be working to help us find cures for diseases like cancer, ALS, Parkinson’s, Huntington’s, Influenza and many others.” Another quote from their website: “The Folding@home software allows you to share your unused computer power with us – so that we can research even more potential cures.” I...

How I’ve Been Studying for Certifications

I’ve been getting a lot of questions about the resources I used for certifications and how I study for them. I may be a little ‘extra’ with my resources after failing an exam ten years ago, but I haven’t had to retake an exam since. These are my current certifications in the order taken:
2010 (Feb): CompTIA A+
2010 (March): CompTIA Network+
2016 (Dec): CompTIA Security+
2017 (March): (ISC)2 SSCP (Systems Security Certified Practitioner)
2017 (Aug): CompTIA CySA+ (Cybersecurity Analyst)
2018 (June): Cisco CCNA Cyber Ops
2018 (Sept): EC-Council Certified Ethical Hacker (CEH)
2019 (July): Microsoft Azure Fundamentals
2019 (Nov):...

The Evolution of my Home Lab: From Break-Fix to Forensics

One of my favorite things to do in my spare time is play around in my home lab. Aside from being fun (to me anyway), home labs are a great way to get hands-on experience using different hardware and software. To demonstrate what a home lab can be used for, I will talk about what I have personally done in my home lab over the years. In 2009, I started studying for the A+ certification exam. I put an ad on Freecycle looking for unwanted computers and computer equipment so I could practice repairing them. This was the beginning...
