Clik here to view.
Updates and status
Hello Reader!, It's been awhile since we've talked. Things here at G-C have been pretty busy, the legal sector at least appears to be in a full recovery (knock on wood). While I...
View ArticleTime to find a fancy hat, I'm speaking at Derbycon
Hello Reader, I've been trying to find more conferences to speak at lately (If you are running a conference let me know) to let more people know about fun forensic artifacts. I've...
View ArticleUpdates and DFIR Conferences
Hello Readers, I know I've been silent, our workload and conferences have kept me quite busy. Updates for you:Book NewsComputer Forensics, A beginners guide is out to copy edit...
View ArticlePFIC 2012 Slides & Bsides DFW
Hello Reader, With another presentation done here are my slides from PFIC, where I again presented on Anti Anti Forensics. This is a similar presentation to the one I did at Bsides...
View ArticleHappy Holidays - Research update
Happy Holidays Reader!, As we get ready to actually take a couple days off for christsmas and get ready for the next year I wanted to give an update on our...
View ArticleClik here to view.
Happy new year, new post The NTFS Forensic Triforce
Feliz Nuevo Ano Reader!, Thanks for sticking with me and my erratic schedule through 2012. One of my resolutions for 2013 is to get better about regularly...
View ArticleClik here to view.
NTFS Triforce - A deeper look inside the artifacts
Hello Reader, In our last post we discussed at a high level the relationship between the $MFT, $LOGFILE and $USNJRNL. In this post we will go into detail of the structures we can recover...
View ArticleDFIR Online Tonight 3/21/13 8PM EST
Salutations Reader, Tonight myself and my colleague Matthew Seyer will be on DFIR Online. You can find the link to watch here:http://www.writeblocked.org/index.php/dfironline.htmlIf you...
View ArticleThe new book is out!
Well I thought I had another month but it looks like McGraw Hill is faster than I thought!You can get the print edition here:and the Kindle edition here:Since the book is out early its good news for...
View ArticleNCCDC 2013 Wrap up
Greetings Reader, Another year and another NCCDC is done. While the red team always wins we are happy to share our victory with this years winner RIT. Every year I present a debrief...
View ArticleNCCDC 2013 Lessons Learned
Hello readers,For those who are not familiar, the National Collegiate Cyber Defense Competition (NCCDC) is held once a year in San Antonio, Texas. The 10 winning teams from regionals held across the...
View ArticleCEIC 2013 and the public beta of the NTFS TriForce
Greetings Reader!, Thanks to all of you who came in person to my presentation at CEIC this morning, we had a mountain of information to show you and you kept up! We had a...
View ArticleA daring experiment!
Hello Readers, I attended my first SANSfire, and to be honest first SANS event, this week. If you've been following my tweets (that is weird to type out, but... that's our world now)...
View ArticleDaily Blog #1 More about 'Offensive Forensics' aka For 668
Hello Reader, it's Day 1 of the Zelster challenge, I like to always start my blogs with a small hello because I want to make sure you get a feeling of direct and informal communication...
View ArticleDaily Blog #2: What I wish I knew when I was starting out
Howdy Reader, BTW I'm from Texas, so we say howdy sometimes. Not a lot mind you, but its just something fun to say. I'm taking topics to blog about from readers and Karen Palmer...
View ArticleDaily Blog #3: The progession of the digital forensic examiner
Hello Reader, I've been asked these questions many times; "What does it take to become a 'real' digital forensic examiner?", and "What will it take for me to achieve a higher level of understanding...
View ArticleDaily Blog #4: Milestones 1 and 2 detailed
Hello Reader, In my last post we talked about the milestones and optional achievements you can look forward to in your forensic career. This post will go into detail on what it...
View ArticleDaily Blog #5: Milestones 3 and 4 detailed
Hello Reader, The conversation from these posts is continuing in the comments and I'd like to ask you to consider joining us. While I enjoy sharing my perspectives we would all...
View ArticleDaily Blog #6: The weekly reading list
Hello Reader, It's Saturday so we will take a break from the current series and lets enjoy the weekend with some relaxing digital forensic reading. So get a good cup of coffee, a comfortable chair...
View ArticleDaily Blog #7: Sunday Funday
Hello Reader, It's Sunday! Lenny Zelster did quotes on Sundays, but I'll be honest I don't do much quoting from famous people. So instead, lets have a contest. Every Sunday I'll be posting a...
View Article
