I’ve met many new folks this year and it was wonderful to finally meet many I’ve interacted with online, in-person. It was a particularly engaging year for me. While I did not maintain a cadence of one post a month, new and continued engagement in reading and sharing the blog is deeply appreciated. Thank you.
On Blog Posts
For the posts I did write, I gravitated to topics inspired by course work.
Taking Scott Moulton’s Forensic Data Recovery class inspired me to revisit the topic of retrieving SMART information from NVMe drives and how that information may be helpful for documenting its condition. Writing that post vastly improved my understanding of NVMe drives, including features like sanitation. I continued to explore this area by retrieving SMART information before and after imaging a drive with the help of a batch file. With help from the members of the Digital Forensics Discord server, I learned to appreciate using X-Ways Forensics via the command line.
After mentioning WinFE in a go-bag, retrieving SMART information in WinFE, and introducing WinFE to my co-workers, it was great to advance my knowledge of WinFE by completing Brett Shavers’ WinFE course. While documenting and validating WinFE’s write protect ability is a course requirement, spending time to learn more about disk toggling to understand the conditions under which it will write to a drive, may write to a drive, and will not write to a drive allowed me to appreciate what WinFE is today. Completing the WinFE Train-the-Trainer program was an opportunity to expand my understanding of adult learning and I look forward to further developing and practicing those skills.
Studying and completing the coursework for SANS’ FOR585 (Smartphone Forensic Analysis) was a great experience. I appreciated how Heather Mahalik and Domenica Crognale authored the course by normalizing the expectation that no tool will parse “all the things”. The labs curated for the course appropriately emphasized this expectation by modeling manual analysis and the thought process that must be adopted to accomplish this. While it was not an expectation, specific examples of enterprise Mobile Device Management configuration and downstream impacts it may have on data extraction would have been helpful to me. To narrow the absence of information applicable to the private sector forensic examiners, I wrote about a specific solution on extracting data from pair-locked iOS devices.
On Conferences
With the abundance of information available in books and presented remotely (on-demand, too!), the value I perceive in conferences is primarily meeting people I’ve interacted with online or others I would not have ever met otherwise. Attending two conferences this year to accomplish this was a treat.
It was an honor to be among the Forensic 4:Cast finalists presented at the SANS DFIR Summit in Austin, TX. Congratulations to Renan Cavalheiro for his success in multiple categories! It is a testament to his work and acknowledgement from the DFIR professionals of the impact he has. Many of the presentations are available on YouTube. Among the presentations I found intriguing is Matt Edmondson’s talk on integrating digital forensics with open-source intelligence. Specifically, Edmondson shared how he used OpenAI’s Whisper, an automatic speech recognition (ASR) system, to transcribe and translate audio offline.
The HTCIA Summit in Phoenix, AZ was another great conference to not only learn about topics on digital investigations, but also about the people who volunteer their time to the organization. The mock-trial demonstration was a great experience as well.
On Art
The design submitted and selected for the HTCIA Silicon Valley Chapter’s challenge coin I mentioned earlier this year depicts a giant sequoia redwood tree, rooted into a silicon chip. I’ll leave the hex for you to decode. I’m thrilled how well these turned out and grateful for the chapter accepting the design to represent them.

While participating in incident response or digital forensic activities can be a grind, I generally find it rewarding. It reminds me of Albert Camus’ essay, The Myth of Sisyphus, wherein Camus writes, “The struggle itself towards the heights is enough to fill a man’s heart. One must imagine Sisyphus happy.” The sticker depicts a dung beetle pushing manure up a mountain in a nod to Sisyphus. The Latin translates to, “We love this shit”.

On 2024
I don’t expect the new year to be any less lively. The chickens are master escape artists, the joy of parenthood is abundant and I will serve as the HTCIA Northern California Chapter Secretary for 2024 and 2025. Nevertheless, I look forward to continuing to share what I learn as inspiration strikes.
Thank you for your time and attention in 2023. Let’s do it again next year.