You can now get Baker Street Forensics swag, everything from shirts and stickers to onesies and pillows. I’m especially fond of the notebooks. I worked with a number of independent artists to commission a few new logo designs. This is where I need your help.
What’s your favorite of the designs? The winner will be the default logo for bakerstreetforensics.com
All proceeds from the sales will be donated to charity. Do you have a charity you’d like to nominate? The charity with the most votes will receive the proceeds.
Option 1: Original logo
Option 2: Deerstalker
Option 3: Print
Option 4: Sherlockian
Let me know your votes with a comment below, then visit the merch page, or click here to go direct to the store. Thank you for your support.
Just in time for the 2022 Magnet User Summit and my presentation on FREE Tools for DFIR Triage Collections, an updated release (v3.1) of CSIRT-Collect. Special thanks to Kevin Pagano for contributing.
Register today
You can register for my talk Free Tools for DFIR Triage Collectionshere.
January 2020, the last time I had work related travel, seems like an eon ago. Later that year I had planned my first attendance at the Magnet User Summit in Nashville. Then COVID entered the scene and every event going forward for me was remote only. Don’t get me wrong, I’m an introvert and being able to work from home in my fortress of solitude the past few years has been great. I even managed to present at Magnet Enterprise Pulse and the HTCIA International Summit, both remotely. Fast forward to the present and events are starting to open back up.
Getting the band back together
The Magnet User Summit in April will be supporting in-person and virtual attendance. After two years as virtual participant I’ll finally be able to attend in person. As it turns out I’ll be presenting at the conference as well! It’s taken me a few years to get here, but now I get to attend as a speaker (and and employee!)
You can register for the Magnet User Summit (in person or virtual) here:
Windows Subsystem for Linux (WSL) adds a lot of capability and convenience for running DFIR applications on a Windows host. Previously I wrote about how to add a SIFT/REMnux Ubuntu distribution to WSL.
Another tip I’d like to share with you is setting up separate profiles for frequently used applications.
Volatility is one of the applications I’m in frequently, whether for work or lab(work). Sure, I can open a command window and then navigate to the appropriate application path; but why not make it a one-click option.
To begin, open Windows Terminal, and go to the Settings menu.
On the bottom left choose select ‘Add a new profile.’
PowerShell (Core) is my default shell environment. I’ll select this as the profile to duplicate.
After you hit ‘Duplicate’ you’ll be presented with a copy of the profile.
Update the Name and Starting directory to reflect the application path.
You can customize the Icon and Tab title. Under the Appearance tab you can assign a custom background for the WSL profile. Be sure to click Save when you’ve made your changes.
Now when I want to open a Volatility session, it’s right there on the drop down in WSL.
If you have WSL parked on the Taskbar, you can select the new profile (or any other profile) with a right-click.
If you want to have your WSL instances in separate windows, versus the default tabbed layout, right clicking from the taskbar will open the selected session in a new window.
Baker Street Forensics 