Thanks for joining me!
Good company in a journey makes the way seem shorter. — Izaak Walton
My blogging journey begins thanks to Phill Moore of thisweekin4n6.com. I don’t know how he does it, but he maintains an incredible wealth of knowledge, on a weekly basis. This includes a post on starting a blog, which is why I say – thanks Phill. After a strenuous five minutes involving things like choosing a domain name, and clicking a few option buttons, this blog has taken its first baby steps.
A bit and byte about myself (did you see what I did there) – I live and work in the northeast U.S. I work a caseload involving mobile and computer forensic examinations. The work includes data analysis, as well. What about the road leading up to my current job?
I strongly believe that my path to digital forensics began in my younger years, while downloading viruses to my Compaq Presario. Hard drive reformatting became one of my hobbies, and I only needed tech support on two occasions, to walk me through the process. In my semi-older years, I took this love for drive-formatting, and supplemented it with a few courses in cybersecurity. Thereafter, I just fell in love with everything having to do with digital forensics. As a result, I wish to pass along some information that I’ve found useful during my journey. All you need is a spark!
Here are a few of the activities I like to classify as “research and development” to continue learning about the field:
- Reading academic research papers on various topics, and attempting to read Brian Carrier’s File System Forensics book from cover to cover (I haven’t succeeded yet)
- Watching (or attempting to watch) the full semester of Harvard’s CS50 course
- Watching (or attempting to watch) the full semester of MIT’s Intro to CS (Python programming)
- Learning about PowerForensics (https://github.com/Invoke-IR/PowerForensics)
- Downloading various VMs (SIFT, Skadi, Kali, etc.) and evaluating their place in my workflow
- Magnet-fanning (being a fan of Magnet Axiom and Atlas case management system)
- Listening to SANS 408 and 508 MP3s over and over again (by the end of the week I’ll have FOR585 MP3s)
- Reading papers available through SANS reading room (I’m amazed at most if not all of the topics that are covered by researchers)
- Turning every case into a training exercise
- Learning about incident response, bad actors, and their attack methods
- Reading the Talos threat intel blog (the posts are very well written)
- Watching Hak5 videos with Dan Tentler, and subsequently trying to learn pen-testing
- Trying to get an invite code for hackthebox.eu (I was so close)
I could go on, but I hope I’ve provided enough information, for anyone interested in digital forensics, to start their journey. A little Google magic will help with any of the items listed above.
Before I end this first blog post, I’ll mention some of the things I want to get done in the near future:
- Learn Python enough to create scripts for my workgroup
- Attend SANS FOR572 (Advanced Network Forensics)
- Continue meeting new people working in digital forensics
- Ride-along with someone in IR (or a SOC)
Feel free to contact me with any questions, concerns, or rants. I’m a pretty good sounding board.
Thanks for tuning in, and I promise to post some interesting tidbits as they become available!