Category: Methodologies & Best Practices

  • Just Forensics, Mercifully

    Last week I had the privilege of addressing the attendees of the 2020 SANS DFIR Summit. I spoke about the need to reach out and help those not as fortunate as ourselves. Please take 25 minutes to watch the presentation and then do something about it.

  • The Long and Winding Road to Nowhere

    For those of you that know me personally, I try very hard to not minimize other people’s work and accomplishments. In fact, I revel in others’ joy when they achieve things. So, this post will be somewhat out of character for me. I’ve been conducting forensic investigations for around fourteen years. During that time I’ve…

  • The Human Cost

    The US Cybercrime Conference was cancelled last week. My personal feelings about their timing aside, I’ve decided to go ahead and publish my presentation for anyone to watch.

  • Comey Island

    FBI director, James Comey has recently been testifying before various Senate committees that encryption should be significantly weakened so that we can battle terrorist threats. Well, that isn’t exactly what he’s saying, at least not according to him, it just happens to be the eventual outcome of what he’s asking. Across the Atlantic the UK Prime…

  • How to do the Worst Job Possible

    Occasionally we all see forensic reports that are as close to perfect as they could be. Where procedures and presentation are clear and concise and where the author has conducted research relevant to the investigation. Sadly this isn’t once of those instances… This is a real report prepared by a real defence ‘expert’. Any references…

  • Extreme Hexjumping Video

    A few weeks ago I posted a picture of Martin Westman just before he jumped out of a plane while hex-dumping a phone. He has been in touch and sent a link to the Youtube video. I asked Martin if he has any more plans to do things like this in the future and he…

  • Digital Forensics – What We Don’t Know CAN Hurt Us

    If my work with Volume Shadow Copies has taught me one thing it is that I don’t know anything. I have often said the more I learn, the less I know. Everything that we learn about computer investigations leads to more learning. It never ends. Anyone that thinks they know everything there is to know…

  • Desensitisation

    Lee describes working with indecent images of children

  • Law Enforcement Only

    Lee Whitfield wants to know how providing benefits to law enforcement is fair and just.

  • How Much Are Your Clients Worth?

    Lee Whitfield discusses how billing and invoicing can be completed to the satisfaction of both investigator and client so that neither loses out.