Category: Methodologies & Best Practices

  • Just Forensics, Mercifully

    Last week I had the privilege of addressing the attendees of the 2020 SANS DFIR Summit. I spoke about the need to reach out and help those not as fortunate as ourselves. Please take 25 minutes to watch the presentation and then do something about it.

  • The Long and Winding Road to Nowhere

    For those of you that know me personally, I try very hard to not minimize other people’s work and accomplishments. In fact, I revel in others’ joy when they achieve things. So, this post will be somewhat out of character for me. I’ve been conducting forensic investigations for around fourteen years. During that time I’ve…

  • The Human Cost

    The US Cybercrime Conference was cancelled last week. My personal feelings about their timing aside, I’ve decided to go ahead and publish my presentation for anyone to watch.

  • Comey Island

    FBI director, James Comey has recently been testifying before various Senate committees that encryption should be significantly weakened so that we can battle terrorist threats. Well, that isn’t exactly what he’s saying, at least not according to him, it just happens to be the eventual outcome of what he’s asking. Across the Atlantic the UK Prime…

  • Upholding the law: the risks for forensicators

    “You have zero privacy anyway. Get over it” – I’m sure many remember Scott McNealy, CEO of Sun Microsystems coming out with that controversial phrase in 1999. Yet 15 years later instead of the problem being dealt with it now is hotter than ever. In Episode 35, Forensic 4cast discussed the events surrounding HBGary, having been articulately hacked by…

  • How to do the Worst Job Possible

    Occasionally we all see forensic reports that are as close to perfect as they could be. Where procedures and presentation are clear and concise and where the author has conducted research relevant to the investigation. Sadly this isn’t once of those instances… This is a real report prepared by a real defence ‘expert’. Any references…

  • Extreme Hexjumping Video

    A few weeks ago I posted a picture of Martin Westman just before he jumped out of a plane while hex-dumping a phone. He has been in touch and sent a link to the Youtube video. I asked Martin if he has any more plans to do things like this in the future and he…

  • Digital Forensics – What We Don’t Know CAN Hurt Us

    If my work with Volume Shadow Copies has taught me one thing it is that I don’t know anything. I have often said the more I learn, the less I know. Everything that we learn about computer investigations leads to more learning. It never ends. Anyone that thinks they know everything there is to know…

  • Microsoft Word – What Lies Beneath

    Simon explains the possible pitfalls of ignoring metadata

  • The Changing Face of Phone Forensics

    Simon discusses current and future methods for phone forensic examination in light of new phone capabilities.