Sharing DFIR research

While doing some research on a digital forensics challenge I noticed something.  My blog content doesn't cross over into digital forensics all that often.  Blogging about digital forensics takes a lot more work to sanitize private data, and oftentimes a DFIR concept requires making visual aids to help explain things.

Boom, big reveal, not everyone likes reading hex code

My site content is numerous in OSINT topics because if I find a method or tool I want to share I can quickly use sample data or test targets to share the concept.  It is much harder to generate sample data when it comes to things like computer and mobile forensics because what I'm working on may be confidential or my test device may include research accounts I do not wish to disclose.  That said, I've got a few DFIR blogs in the works.

In the meantime, I thought I would share a few of the blogs and resources that I have found most useful in my case work over the last year.  The folks on this list did a great job creating easy-to-follow and highly educational DFIR content:

 

https://www.magnetforensics.com/blog/ 

The Magnet Forensics blog has some great webinars and white papers available.  I lean on this blog for updates on Android OS and what it means to my forensic methods as well as watching for new apps and technologies being researched for forensic value.  Jessica Hyde recently gave a webinar featuring forensic analysis of Internet of Things devices.  It's always good to know what's coming down the road in digital artifacts.

 

https://www.dfir.training/index.php/dfir-blog 

At one point last year I noticed DFIR Guy collecting an awesome list of DFIR tools on Twitter.  This became an instant reference.  If I need to know if a tool exists or if there was a tool I remembered but couldn't think of the name, I go here to find it.  Between the value of the tool listing and the range of quality blog posts, it became a frequent DFIR stop for me.

 

https://digital-forensics.sans.org/blog/ 

SANS is a pillar in our InfoSec knowledge base.  The blog is a solid resource of research topics and white papers and the web of instructors all have different niches of specialty contributions to the Digital Forensics community.  Speaking of...

 

http://smarterforensics.com/blog/ 

Heather Mahalik's blog became my go-to source for mobile forensics.  When the major iOS updates happen I make sure to see what research Heather has available, as phone forensics is a constant in my lab work.

 

https://www.blackbagtech.com/index.php/blog 

Blackbag is another forensic vendor that continuously produces quality blog posts.  When I have research involving Mac computers or mobile devices I usually end up checking their blog. 

 

http://cheeky4n6monkey.blogspot.com/ 

Cheeky Monkey gets mad technical but the write-ups are excellent to follow along with.  Monkey's blog posts do a great job of citing sources for additional research as well, and I oftentimes find myself reading a follow-up blog or 12.  When I'm in the mood for a tech deep dive, Cheeky4n6monkey's colorful blog is where I go.

  

http://az4n6.blogspot.com/ 

Mari DeGrazia's blog became valuable early on for its 'parsing' content.  Mari has links to some open source tools that have proven useful several times over in my casework.  Her technical write-ups are also well done, with illustrations that help you follow along.



https://thisweekin4n6.com/ 

Phil Moore does an awesome weekly roundup of forensic highlights.  It takes a lot of time, research and dedication to stay up to date on all the aspects of the digital forensics field.  Phil makes that task a lot easier on the rest of us.

http://www.forensicfocus.com/forums 

Last but not least is the forum of Forensic Focus.  If you google-fu your way to a DFIR solution there is a 99% chance you will land on this forum in your research.  Some great subcategories of digital forensics are covered here and there are over thirty thousand members.  Your chances of finding somebody with relevant information to your case are pretty high.

 

Thanks for checking out my favorite DFIR resources.  I hope you found them helpful.  If you have any of your own to share, please drop me a line on Twitter @baywolf88