During my time in the industry, I’ve seen a couple of interesting aspects of “information sharing”. One is that not many like to do it. The other is that, over time, content creation and consumption has changed pretty dramatically.
Back in the day, folks like Chris Pogue, with his The Digital Standard blog, and Corey Harrell with his Journey Into IR blog, and even more recently, Mari with her Another Forensics Blog have all provided a great deal of relevant, well-developed information. A lot of what Mari shared as far back as 2015 has even been relevant very recently, particularly regarding deleted data in SQLite databases. And, puh-LEASE, let’s not forget Jolanta Thomassen, who, in 2008, published her dissertation addressing unallocated space in Registry hives, along with the first tool (regslack) to parse and extract those contents – truly seminal work!
Many may not be aware, but there are some unsung heroes in the DFIR industry, unrecognized contributors who are developing and sharing some incredible content, but without really tooting their own horn. These folks have been doing some really phenomenal work that needs to be called out and held up, so I’m gonna toot their horn for them! So, in no particular order…
Lina is an IR consultant with Secureworks (an org for which I am an alum), and as string of alphabet soup following her name. Lina has developed some pretty incredible content, which she shares via her blog, as well as via LinkedIn, and in tweet threads. One of her posts I’ve enjoyed in particular is this one regarding clipboard analysis. Lina’s content has always been well-considered, well-constructed,
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: