I’ve been on leave for surgery recovery for the past week with another one to five more to come. The office/lab has converted nicely to a recovery room. Needless to say there hasn’t been a lot of DFIR going on. The requirement to be as sedentary as possible has given me good time to focus […]
I had a wonderful time participating in the Magnet User Summit, both in person and virtually. After 2 years of participating virtually, it was my first time attending the Summit in person. It was great to meet for the first time in person, not just many of my coworkers, but many of the regulars in […]
You can now get Baker Street Forensics swag, everything from shirts and stickers to onesies and pillows. I’m especially fond of the notebooks. I worked with a number of independent artists to commission a few new logo designs. This is where I need your help. What’s your favorite of the designs? The winner will be […]
Just in time for the 2022 Magnet User Summit and my presentation on FREE Tools for DFIR Triage Collections, an updated release (v3.1) of CSIRT-Collect. Special thanks to Kevin Pagano for contributing. You can register for my talk Free Tools for DFIR Triage Collections here.
I’ve got an abundance of equipment in my home office/lab. I’d been contemplating doing a rack setup for a while but all of the options I was looking at were above budget for what I wanted to spend. Also, while I liked the idea of the functionality of a rack I wasn’t too keen on […]
January 2020, the last time I had work related travel, seems like an eon ago. Later that year I had planned my first attendance at the Magnet User Summit in Nashville. Then COVID entered the scene and every event going forward for me was remote only. Don’t get me wrong, I’m an introvert and being […]
Earlier today I was asked for a ‘quick and easy’ PowerShell to grab a packet capture on a Windows box. I didn’t have anything on hand so I set off to the Google and returned with the necessary ingredients. The star of the show is netsh trace, which is built into Windows. If we wanted […]
Windows Subsystem for Linux (WSL) adds a lot of capability and convenience for running DFIR applications on a Windows host. Previously I wrote about how to add a SIFT/REMnux Ubuntu distribution to WSL. Another tip I’d like to share with you is setting up separate profiles for frequently used applications. Volatility is one of the […]
CSIRT-Collect USB can be found in the main repository for CSIRT-Collect. CSIRT-Collect is a PowerShell script to collect memory and (triage) disk forensics for incident response investigations. CSIRT-Collect USB is designed to run directly from a USB device. While a network deployment certainly supports automation, as an Incident Responder I can think of several examples […]
If you’re utilizing KAPE to collect triage collections, are you also collecting a RAM image with the operating system artifacts? Included in the Modules section of KAPE there are three modules that can create a RAM image. The modules for DumpIt and Winpmem have been available for a while. (I wrote the DumpIt module and Eric […]