The Journey Begins

Thanks for joining me!

Good company in a journey makes the way seem shorter. — Izaak Walton

My blogging journey begins thanks to Phill Moore of thisweekin4n6.com.  I don’t know how he does it, but he maintains an incredible wealth of knowledge, on a weekly basis.  This includes a post on starting a blog, which is why I say – thanks Phill.  After a strenuous five minutes involving things like choosing a domain name, and clicking a few option buttons, this blog has taken its first baby steps.

A bit and byte about myself (did you see what I did there) – I live and work in the northeast U.S.  I work a caseload involving mobile and computer forensic examinations.  The work includes data analysis, as well.  What about the road leading up to my current job?

I strongly believe that, my path to digital forensic began in my younger years, while downloading viruses to my Compaq Presario.  Hard drive reformatting became one of my hobbies, and I only needed tech support on two occasions, to walk me through the process.  In my semi-older years, I took this love for drive-formatting, and supplemented it with a few courses in cybersecurity.  Thereafter, I just fell in love with everything having to do with digital forensics.  As a result, I wish to pass along some information that I’ve found useful during my journey.  All you need is a spark!

Here are a few of the activities I like to classify as “research and development” to continue learning about the field:

• Reading academic research papers on various topics, and attempting to read Brian Carrier’s File System Forensics book from cover to cover (I haven’t succeeded yet)
• Watching (or attempting to watch) the full semester of Harvard’s CS50 course
• Watching (or attempting to watch) the full semester of MIT’s Intro to CS (Python programming)
• Learning about Power Forensics (https://github.com/Invoke-IR/PowerForensics)
• Downloading various VM’s (SIFT, Skadi, Kali, etc.) and evaluating their place in my workflow
• Magnet-fanning (being a fan of Magnet Axiom and Atlas case management system)
• Listening to SANS 408 and 508 MP3’s over and over again (by the end of the week I’ll have FOR585 MP3’s)
• Reading papers available through SANS reading room (I’m amazed at most if not all of the topics that are covered by researchers)
• Turning every case into a training exercise
• Learning about incident response, bad-actors, and their attack methods
• Reading the Talos threat intel blog (the posts are very well written)
• Watching Hak5 videos with Dan Tentler, and subsequently trying to learn pen-testing
• Trying to get an invite code for hackthebox.eu (I was so close)

I could go on, but I hope I’ve provided enough information, for anyone interested in digital forensics, to start their journey.  A little Google magic will help with any of the items listed above.

Before I end this first blog post, I’ll mention some of the things I want to get done in the near future:

• Learn Python enough to create scripts for my workgroup
• Attend SANS FOR572 (Advanced Network Forensics)
• Continue meeting new people working in digital forensics
• Ride-along with someone in IR (or a SOC)

Feel free to contact me with any questions, concerns, or rants.  I’m a pretty good sounding board.

Thanks for tuning in, and I promise to post some interest tidbits as they become available!