Thursday, September 26, 2013

Hello World!

The Purpose of my Blog.
I have wanted to blog for a long time; however, I personally felt there were a number of things that prevented me from blogging, especially on a topic so technical. Digital Forensics is such a wide-reaching field, it covers so many aspects of modern-day computing; it is easy to become overwhelmed just by thinking of the scope of this profession. To then think that you are adequate enough to contribute to this profession where folks like Mandiant dominate on the IR level, and then throw in the DFIR Gods like Rob Lee, Harlan Carvey, and Corey Harrell who are front and center every day with their incredible insights and analysis. These guys are my “American Idols”. Nonetheless, I have decided to stick my neck out. The reason? I want to share what I have learned, I want to be commented on (peer review), and ultimately, I want to get on. I want to advance my career in this fascinating field and crush a few bad guys along the way. There is RISK in this blogging thing, I have no idea how it will go, but I have a purpose. As I have stated, I want to share, I want to learn, and I want to move up in this world of DFIR. How do you do that if nobody knows you, and by that extension, they do not know your thoughts, procedures, and capabilities to achieve your results and wins?
My background in PC computing stems from a technology start back in 1996 just as the PC/Internet world was coming to fruition. Heck, I had a Packard Bell 486 DX2 66 with a 2400-baud modem to Prodigy for Win3.1. After a career change and fresh out of IT school, I held a few positions, quickly rising in IT responsibilities with each move. I started off on a helpdesk, then to product support, to Desktop OS and application support, then Network Admin on Novell, switching to NT, then some engineering, then into end point security products, and ultimately to where I have been for the past few years as a DF Examiner. Most DF examiners that have been doing this for the past 5 years or so fall into these positions because someone asked them to assist with something related to info sec, or some other security-related issue. I am no different. Simply because of the group I was in at the time, I was asked if I would like to do disk forensics. “Wow,” I said, “sounds exciting”. I have an IT background but had no idea on forensics. I recall my manager walking me through the use of EnCase 5.x over the phone doing a set include!
Anyway, I plan to publish useful articles on procedures anyone can use. These procedures will have a theme and an end result goal in mind in what I am trying to accomplish. Additionally, I can use it as my own personal library collection so I can reference them myself. It’s hard to remember all your procedures when you have so many, so why not have them readily available and share them? What I really hope for is for someone to say “hey, you know you can do it this way also which is easier”. Or, “hey, have you thought about this or that?” As I said, I want to learn and move up in this profession, and I can’t do that unless I put myself out there so people can see what I am doing right!
So, check back soon, I’ll have something up ASAP.


Mr. Orinoco
