Derek explores how to collect and compare SMART information before and after a forensic acquisition. He also wrote a couple of batch files.
Author: Derek Eiri
Getting SMART(er) with Information
Derek explores methods to retrieve SMART information from write-protected NVMe drives.
Forensic 4:cast Awards, 2023
Update: I asked and you all delivered. I am a finalist for Forensic 4:cast Awards' #DFIR Newcomer of the Year! Derek requests your vote for Forensic 4:cast Awards' DFIR Newcomer of the Year.
Forensic Hard Drive Data Recovery with Scott Moulton
Derek learns how to rebuild a hard drive with Scott Moulton from My Hard Drive Died. It's alive!
Retrieving Registry Values to Decrypt Files Protected with DDPE
Derek explores the registry report function with X-Ways Forensics and creates a RegRipper plugin to collect Dell Data Protection Encryption information.
Reflecting on 2022
Derek reflects on why he started blogging and where he drew inspiration from.
Practical Linux Forensics & a Mini Linux Forensics CTF
Derek worked through CTF images using Practical Linux Forensics as a reference. X-Ways Forensics and Windows Subsystem for Linux are also used.
Exploring AI Assisted Picture Categorization with Magnet Forensics AXIOM and X-Ways Forensics with Excire, Re: Weapons
Derek explores the picture categorization feature in AXIOM and X-Ways Forensics.
Derek reflects on a recent tabletop exercise to verify our processes, discover gaps, and learn from our mistakes. A shopping cart is involved.
Assembling a Go-Bag, Re: Write Block Options?
Derek started with ideas on creating a compact and flexible go-bag. He ended up writing about write blockers.