Digital Forensics Blog
Hello, I'm Ken Pryor. Retired cop & DFIR. Former GCFA. In this blog, I will focus on computer and malware forensics, as those are my primary interests. Subscribe for my latest updates.
9M ago
Yesterday, I completed the WinFE course I mentioned in my last post. I wanted to do a review of the course because I found a lot of value in it. First, what is the Windows Forensic Environment (WinFE)? In short, it is a slightly modified portable Windows distribution with software-based write-blocking capability for the acquisition of digital media. It is based on the Windows Pre-Installation ...
9M ago
What's this? Two, yes two posts. Not just in the same year, but even in the same month! What has gotten into me?
More Training
Yesterday, I completed a course I started a long while back but never finished. I signed up for the Autopsy 8 hour course from BasisTech (https://dfir-training.basistech.com/) and got around halfway through it but, as often happens with me, I got distracted and went off in ...
10M ago
I've been working hard on forensic and malware-related courses lately and having a lot of fun with it. I had almost forgotten how cool it was working on and learning this material. I thought I'd give a little update on my activities, so here it is. Take your No-Doz, this may be the longest post I've ever done.
Forensic and Malware Courses
In my last post, I mentioned that I was working on the ...
11M ago
Hello everyone! I'm back for yet another drive-by blog post. I've had a lot going on since my last post in December and I thought I'd catch you up a little.
First and foremost, I graduated! It happened 35 years later than I'd originally intended to, but I finally made it. I graduated with honors from Lincoln Trail College (also my awesome employer) last week. It wasn't something I needed to do ...
1y ago
I'm going to start writing more on my blog. No! Really! You do believe me, right? Ok, can't blame you if you don't. I come back to this from time to time and think this time I'm really going to dive into it, only to get sidetracked in some other direction. I promise I have a good excuse this time.
Since I last posted, I have gone back to school on a part-time basis while continuing to work ...
2y ago
First, welcome to my renamed blog. I couldn't think of a good name for the blog years ago when I first started so I just settled for the most boring name I could think of, "Digital Forensics Blog". Granted, that was the main focus but it was just boring. A while back, I tweeted that I was looking for a better name. Phill Moore suggested Pryor Knowledge which I liked, but I decided to change it to ...
2y ago
I came back to this blog a little over a year ago or so thinking I'd really get back into writing. I was missing talking, thinking, doing and writing about forensics. I still do miss all those things but it seemed like I just couldn't find the time to really do anything about it. My job consumed so much of my time and energy that there just wasn't much left for anything else. My last post here ...
3y ago
I decided a couple days ago to try out Volatility's ability to examine Linux memory images. I had never tried capturing RAM from a Linux machine, aside from .vmem files, so this was all new territory for me. My friend Gleeda recommended I use LiME to capture RAM, so I headed over to the LiME Googlecode project page and grabbed a copy. I may post about the entire process later, but just wanted to ...
3y ago
The Hacker Academy recently released its new Windows Registry Master Class. Prior to its release, Hacker Academy senior instructor Andrew Case contacted me and asked if I'd like to review the course. I, of course, said yes and got signed up when the course was ready. In the interest of full disclosure, I was given free access to the class in exchange for providing feedback on the course content ...
3y ago
X-Ways Forensics Practitioner's Guide
As I’ve mentioned in previous reviews, there are only a few books I get truly excited about. The ones I actually pre-order are few and far between. However, I decided when I heard about this book I would pre-order it for sure. As it turned out, that wasn’t necessary. In the interest of full disclosure, I want to say I got an advance copy for review and a ...