Aren’t we neglecting something in DFIR?

The technical piece of DFIR is not difficult. If you know what you are looking for, and you know how to find it, the work is actually easy. I do not say this to mean that anyone off the street can do this work without training or education. I mean th...

The forensic process begins before processing forensics begins

I was asked an age-old question via a Twitter DM today: "Should I pull the plug or image live?" I thought this was a rhetorical or 'homework' question, because how would I know?  I gave a short answer of it depends on this and that, assuming tha...

When OSINT is turned into the Baseball Bat of Internet Mob Justice

We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we are skilled in the effective wielding of the most powerful weapon on the planet: INFORMATION! We...

