Search results

  1. bshavers

    Contemporaneous Notes – NEVER Use MS Word or OneNote

    I'm in the middle of writing up a comparison of report writing apps, tools, and methods. I have my own opinions, and some opinions and methods have changed over the years. ForensicNotes, MS Office/Open Office, and some FOSS apps are included in the comparison review.
  2. bshavers

    How do I transition from Government to Private Sector?

    There are local and federal organizations, business and private. Too many to list, but I would start at the VA website(s) and contact your local veteran association (Marine Corps League if you're a Marine vet, VFW, etc...) which will have local members familiar with the surrounding business and...
  3. bshavers

    Legal issue

    The issue/risk isn't whether the software is free, open source, demo, or commercial. It is in the details of the EULA (end user licensing agreement). Some EULAs prohibit commercial use, only allow personal use, or may have other restrictions that limit the use in legal case matters. If software...
  4. bshavers

    How do I transition from Government to Private Sector?

    What areas should I be concentrating on to make that transition? Depends on what you want to do. eDiscovery vs incident response vs digital forensics or a mixed bag. LE is generally ‘pure digital forensics’ and depending on the agency ‘some or lots of IR’. There is less pure forensic work in...
  5. bshavers

    DFIR Book Share Challenge

    All but one book is shipped out (quite a few winners, plus some Ultimate DFIR Cheats! X-Ways book shipped out to some cool Patreon supporters). The last remaining book for 2018 is waiting for the winner to confirm and send me a shipping address :) So, the DFIR BookShare challenge giveaways are...
  6. bshavers

    DFIR Book Share Challenge

    The book winner has been emailed (actually, 4 people on a list, in order of being picked). As soon as the first person accepts or passes the book and the final winner is decided, I'll post the winner here.
  7. bshavers

    DFIR Book Share Challenge

    No restrictions, and I'm covering the shipping.
  8. bshavers

    DFIR Book Share Challenge

    Only print books, since they are each signed by the author and hoped to be signed by each reader to pass onto a new reader :)
  9. bshavers

    DFIR Book Share Challenge

    Time for the next DFIR Bookshare Challenge giveaway. On Monday, December 10, I will be giving away a signed copy of "Digital Forensics Diaries". For a chance to win, all you need to do is create an account at DFIR Book Giveaways. Creating an account is simply for me to have a list of...
  10. bshavers

    Welcome to the New Computer Forensics World Forum

    It is always good to see DFIR resources, new and old, grow online. Especially for those of us who can't get enough of digging into DFIR resources.
  11. bshavers

    One reason why Hunchly has become so popular...Court Decision

    If a tool exists, then it is up to the investigator to use it for best evidence seizure, whether the tool is software or hardware. I'm sure that few people would imagine capturing webpage source code in the 90s for an investigation, but today, it is easy enough to do with what is available.
  12. bshavers

    The X-Ways Forensics Practitioner's Guide

    The X-Ways Forensics Practitioner's Guide is now available. You can search Amazon or Syngress for the guide. There is a blog site about the book xwaysforensics dot wordpress dot com, for more information by the authors (Eric Zimmerman and I). I mention the book on this forum because there is...
  13. bshavers

    Looking for a Windows utility to forensically copy files

    Yep, I had a link in my reply. upcopy from maresware (free) can do what you need (www dmares dot com) ftk imager from accessdata (free) can make forensic copies of the files and put them in a container file, and hash verify (www accessdata dot com) x-way forensics and encase (not free) can...
  14. bshavers

    Looking for a Windows utility to forensically copy files

    My answer to your question has been removed for some reason...
  15. bshavers

    Bit-level Imaging With Altiris

    There are situations where hardware write blocking devices cannot be used. Live acquisitions would be one example. You cannot hardware write block a live acquisition. You can software write block a live acquisition (with F-Response or a forensic enterprise application), but there will still...
  16. bshavers

    How do I search in ftk imager

    That's what I meant. The filter will be the best 'search' function you can get out of FTK Imager. It does work well when you need to export a certain file type(s) directly from an image or media.
  17. bshavers

    How do I search in ftk imager

    You can search by file type with FTK Imager, including unallocated space.

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu