Thanks for joining me!
Good company in a journey makes the way seem shorter. — Izaak Walton
My blogging journey begins thanks to Phill Moore of thisweekin4n6.com. I don’t know how he does it, but he maintains an incredible wealth of knowledge, on a weekly basis. This includes a post on starting a blog, which is why I say – thanks Phill. After a strenuous five minutes involving things like choosing a domain name, and clicking a few option buttons, this blog has taken its first baby steps.
A bit and byte about myself (did you see what I did there) – I live and work in the northeast U.S. I work a caseload involving mobile and computer forensic examinations. The work includes data analysis, as well. What about the road leading up to my current job?
I strongly believe that, my path to digital forensic began in my younger years, while downloading viruses to my Compaq Presario. Hard drive reformatting became one of my hobbies, and I only needed tech support on two occasions, to walk me through the process. In my semi-older years, I took this love for drive-formatting, and supplemented it with a few courses in cybersecurity. Thereafter, I just fell in love with everything having to do with digital forensics. As a result, I wish to pass along some information that I’ve found useful during my journey. All you need is a spark!
Here are a few of the activities I like to classify as “research and development” to continue learning about the field:
- Reading academic research papers on various topics, and attempting to read Brian Carrier’s File System Forensics book from cover to cover (I haven’t succeeded yet)
- Watching (or attempting to watch) the full semester of Harvard’s CS50 course
- Watching (or attempting to watch) the full semester of MIT’s Intro to CS (Python programming)
- Learning about Power Forensics (https://github.com/Invoke-IR/PowerForensics)
- Downloading various VM’s (SIFT, Skadi, Kali, etc.) and evaluating their place in my workflow
- Magnet-fanning (being a fan of Magnet Axiom and Atlas case management system)
- Listening to SANS 408 and 508 MP3’s over and over again (by the end of the week I’ll have FOR585 MP3’s)
- Reading papers available through SANS reading room (I’m amazed at most if not all of the topics that are covered by researchers)
- Turning every case into a training exercise
- Learning about incident response, bad-actors, and their attack methods
- Reading the Talos threat intel blog (the posts are very well written)
- Watching Hak5 videos with Dan Tentler, and subsequently trying to learn pen-testing
- Trying to get an invite code for hackthebox.eu (I was so close)
I could go on, but I hope I’ve provided enough information, for anyone interested in digital forensics, to start their journey. A little Google magic will help with any of the items listed above.
Before I end this first blog post, I’ll mention some of the things I want to get done in the near future:
- Learn Python enough to create scripts for my workgroup
- Attend SANS FOR572 (Advanced Network Forensics)
- Continue meeting new people working in digital forensics
- Ride-along with someone in IR (or a SOC)
Feel free to contact me with any questions, concerns, or rants. I’m a pretty good sounding board.
Thanks for tuning in, and I promise to post some interest tidbits as they become available!
Hello Luis,
I have taken my first role as a forensic examiner just 1 year and 3 months ago. I am very excited about your blog post and have already benefited from your “research and development” section. Am looking forward to your future posts!
Nate
LikeLike
Hey Neight! I’m very happy to hear something in that section works for you! Everyday, there is something new spawned in digital forensics, whether it’s a tool or some insight into an old artifact. This is what makes me excited about digital forensics as a whole. I’ll have more info to share in just a bit. Take care and thanks for taking the time to visit!
LikeLike