DFIR Training Blog



When I started in forensics, I had to walk 5 miles in the snow just to image a computer using a floppy…and Safeback (and other old DFIR tales).

I am certainly not a founder in the field of forensics, and didn’t really get into it until the ball was already rolling forward. However, I will say that I am a proud member of the Floppy disc imaging with Safeback club  and its sister club Looking in disks using Norton Disk Editor

Besides the technology advances, which are to be expected, the most incredible change that I have seen is that of resources available today that never existed until the recent years. If you can imagine searching online for ‘forensic software’ in 1999 compared to today, you can see the vast difference in what we have available today for resources.

At times, it feels like I will never be able to keep up. First, there is the sheer amount of resources that come online all the time. New blogs , forums , websites. Then there is the new software and hardware that is developed. And training . Goodness! Anything you want to learn, you can learn at your computer! You can literally (yes, I said ‘that’ word) start an online course in minutes to learn a skill that once only could be learned on the job or in a college.

Then add in the dozens of communication methods like Discord and there is practically no limit to the amount of information at your fingertips.

You can take an online course in topic “x” and in a day, become practically competent in the subject matter you, on day one of your exposure, started to learn. We have instant and direct access to subject matter experts that spoon feed any topic that you have interest or need to know, at your fingertips.

On top of that, we have direct access to the entire community to ask questions and share answers. There is no obstacle so difficult that cannot be solved through personal research and requests for help. For those working in InfoSec and DFIR prior to this flood of information, we see it as being an incredible resource that is not to be wasted or taken lightly.

Using Twitter as one example, I find it incredible as to learning something new that I didn’t know before and certainly need. The suggestions for software alone are worth the time to check social media timelines.



And then the notices for new blog posts!

Of course, reference and resources website (dfir.training being one of these) only add to the toolbox of knowledge to draw upon.


If that isn’t enough, many of the resource websites curate the information for you!


And the blogs! Oh my, the blogs!


If you have never written a blog post, let me give a little information. It takes time to write a blog post, and depending upon how nervous you are, how much of a perfectionist you may be, and how edgy your research is, the time it takes is not a few minutes. It can be hours or days to put something together that takes only five minutes to read.  But that five minutes can put you hours or weeks ahead of where you were before that blog post was published. Cred to the DFIR/InfoSec bloggers.

No, I didn’t forget the podcasts


Want more? How about the podcasts? Where can you listen to someone talk about something that you need to know. How else can you get another perspective by simply typing in an URL in a browser and turning on the sound?

How about watching someone who knows what they are doing, sharing their analysis and research LIVE ONLINE?  This never existed before, but we have it now because of peeps like David Cowen showing us intimate details of how he thinks, for our benefit.

As far as dfir.training goes, I intend to keep it up with everything that I feel will benefit the overall DFIR community. From students to the (older) members of the ‘floppy disc imaging with Safeback” club. Whatever is missing on dfir.training is only missing because I don’t know about it or I believe there is already an awesome resource to fall back on (but I will certainly link to those resources!).

Kudos to the DFIR contributors and creators out there, from the hardcore software developers to those who thoughtfully share their research and (positive!) opinions! You folks have earned serious street cred !

Written by :Brett Shavers

{rscomments option="com_rsblog" id="44"}