A Roadmap to Earning Your First (or Next) SANS Certification

I’m in no way saying that certs or degrees are the only path to success. There are definitely individuals in the field who’ve never taken a cert or completed a degree and are super successful. However, I think those individuals are rare, they’re the exception (i.e. exceptional). In my experience (and it’s only my experience I can speak from), certs are the fastest way to get skilled up in an area where you have knowledge gaps. With that said, let’s get started.

Unlocking the DFIR Job Market: Strategies for Landing Your Dream Role

It can be difficult when there are so many different roles and job titles and little standardisation. The requirements for a role can differ vastly depending on the hiring manager and the HR team (not to call anyone out, it’s a fast moving field and it’s hard to keep up). There’s no shortage of advice like this; I realise of course that a quick Google search brings up a multitude of similar blogs, but if people are still asking ‘where do I start,’ at least having written this I have somewhere to point them for a quick rundown of my thoughts.

Alternate Data Streams

Quick writeup on Alternate Data Streams (ADS). ADS is a file attribute used in NTFS that ultimately provides an opportunity for investigators to extract valuable evidence that might otherwise be overlooked. ADS is an additional stream of data that can be attached to a file on Windows systems. It’s a hidden file attached to a […]

Create a Personal Forensics Lab Part 5: The Windows 7 Workstations

By this the fifth instalment of the ‘build your own lab’ series, the lab already resembles this network diagram (or should, anyway): As the title suggests, it’s time to install the Windows 7 workstation(s). Workstation Configuration During the installation, Windows asks for a user name and a Computer Name. Enter these to save a step […]

Build Your Own Forensics Go-Bag

Everyone has their own take on the components which make up a basic DFIR go-bag for when that inevitable call from a client comes. I always have with me a small collection of devices and boot USBs which I think are useful in most cases, mostly because I’ve found myself in situations where any of […]