Dfir

The National White Collar Crime Center (NW3C) recently kicked off a weekly Digital Forensics and Incident Response (DFIR) Capture the Flag (CTF) competition. Individuals can join the free challenge to hone their digital forensic skills and test their knowledge. 

ADF Bret: Hi Brett, thanks for taking time to talk! My first question is, what’s with the extra “t”? I’m just kidding of course.  Growing up, one of my best friends spelled his name with two “t”s so we just refer to one another as Brettt so as not to offend one another.   

Brett:     A rose by any other name…

ADF Bret: You’re a digital forensic examiner providing private consulting and training to government agencies and you’ve also found time to write quite a few books, including Placing the Suspect Behind the Keyboard, Hiding Behind the Keyboard, and X-Ways Forensics Practitioner’s Guide, all of which have received nominations for Best Forensic Book of the Year.  How did you get started writing books for the forensic community and what (besides the money and fame) keeps you writing?

Brett:  Much like any author writing forensic books, I wanted to write the books that I wish were already written by someone else. I would have bought them if they already were written! My first two books were published within the same year, so they competed against each other for Best Forensic Book of the Year and the X-Ways book won. That was neat, and certainly having Eric Zimmerman as my co-author helped. I will keep writing books whenever I need a book that hasn’t already been written, so hopefully we get more authors writing books.

If you haven’t yet met Phillip Moore and you’re in the digital forensics or incident response fields, you’re likely to at least know him from one of his top forensic blogs:

What's the fastest, easiest way to perform RAM Dump? While there are many tools and techniques available to examiners for recovering data from volatile memory, ADF Digital Evidence Investigator^®, Triage-Investigator^®, and Triage-G2^® are fast and easy. 

A simple 2-step process lets even the most non-technical field investigators or highly trained digital forensic examiners quickly perform a RAM capture when running a live scan on the computer from a collection key: 

1. Click "Create RAM Dump" from the main menu
2. The RAM Dump will be saved to the collection key as a .bin file and then zipped