Cache
A growing stash of the people and things I lean on, learn from, and find inspiring.
Mentors & Influences
- Andrew Carr · linkedin.com A seasoned DFIR practitioner and mentor, Andrew has helped guide me through the early stages of my career. His insights and encouragement have been invaluable, shaping both my soft skills and my approach to DFIR.
- Jonathan Rajewski · linkedin.com An experienced incident response leader and a former college professor of mine, Jon was one of the main reasons I chose to study digital forensics. His passion for teaching, knowledge, and genuine excitement for the field continue to inspire how I learn and grow.
Reading
- WoodillaSec · blog.woodillasec.org Security research, project documentation, and tooling by Kevin Woodilla.
- LongRunSignals · longrunsignals.substack.com Endurance sports, incident response, and practical security advice by Derek Berger.
- The DFIR Report · thedfirreport.com In-depth case studies and analysis of real-world DFIR investigations.
- SANS Blog · sans.org Practical security research, DFIR insights, threat analysis, and guidance from SANS instructors and practitioners.
- Huntress Threat Research · huntress.com Research and analysis on emerging threats, attack techniques, and DFIR best practices.
Podcasts
Tools
- Eric Zimmerman’s EZ Tools · ericzimmerman.github.io A go-to suite of DFIR utilities for parsing and analyzing Windows forensic artifacts.
- Velociraptor · docs.velociraptor.app Open-source endpoint visibility, collection, hunting, and incident response at scale.
- KAPE · kroll.com Fast triage and collection framework for grabbing forensic artifacts from live systems or mounted images.
- CyberChef · gchq.github.io A browser-based “cyber Swiss Army knife” for decoding, transforming, and analyzing data.
- Volatility Framework · volatilityfoundation.org An open-source memory forensics framework for analyzing RAM dumps.