On Validation

I’ve struggled with the concept of “validation” for some time; not the concept in general, but as it applies specifically to SOC and DFIR analysis. I’ve got a background that includes technical troubleshooting, so “validation” of findings, or the idea … Continue reading On Validation

Posted in Uncategorized

Devices

This interview regarding one of the victims of the University of Idaho killings having a Bluetooth speaker in her room brings up a very important aspect of digital forensic analysis; that technology that we know little about is very pervasive in our li… Continue reading Devices

Posted in Uncategorized

Why Write?

I shared yet another post on writing recently; I say “yet another” because I’ve published blog posts on the topic of “writing” several times. But something I haven’t really discussed is why should we write, nor what we should write about?In his book, C… Continue reading Why Write?

Posted in Uncategorized

WEVTX Event IDs

Now and again, we see online content that moves the community forward, a step or several steps. One such article appeared on Medium recently, titled Forensic Traces of Exploiting NTDS. This article begins developing the artifact constellations, and wal… Continue reading WEVTX Event IDs

Posted in Uncategorized

Why Lists?

So much of what we see in cybersecurity, in SOC, DFIR, red teaming/ethical hacking/pen testing, seems to be predicated on lists. Lists of tools, lists of books, lists of sites with courses, lists of free courses, etc. CD-based distros are the same way,… Continue reading Why Lists?

Posted in Uncategorized