And that’s the end of 2019!
Thanks to everyone for reading and sharing my work. Thanks also to those that have written articles that make this site possible; without others sharing their work this site wouldn’t exist.
Overall the biggest change for the site was bringing on Lodrina. I met Lodrina in 2018 when we were both at the SANS DFIR Summit and the accompanying Windows Forensic Analysis class. Having her take half (or more than half sometimes) of the load has helped me get a bit of my weekend back, which I’m very grateful for. Hopefully she sticks around 🙂
Views and viewers continued to grow, which is nice. Almost 130k views across 36k visitors; pretty happy about that. That being said, there’s still a lot of people that could benefit from catching the post every week and seeing what everyone is up to.
WordPress also gives me download numbers for the podcast now, so I can see that that’s growing as well. Progress!
As with last year, the US viewership vastly outweighs other countries. Followed by Japan, the UK, and Australia.
The most popularly clicked links (excluding Medium and YouTube) come from Andrea Fortuna and Adam from Hexacorn. This is almost certainly because Dave Cowen got a new job and took a hiatus from blogging. Hopefully he gets settled and comes back to sharing that sweet DFIR content we expect from him.
Highlights of the year; from memory, really seeing a lot in the mobile forensic space. Coming from law enforcement, mobile forensics stands out to me, and seeing everything about the checkra1n vulnerability and the flow-on effects of that is really cool.
The other thing that stood out was the release of a number of different triage acquisition and processing tools. We saw progress in this arena from tools like KAPE and Velociraptor, as well as others like DFIR ORC and DG Wingman. I’m sure there are others that I’ve missed, but the main idea was about how we can collect forensic data and answer questions quickly. SANS even released a course on the concept.
Otherwise people continued to share their research, which is great to see, and I hope it continues on in 2020.
What Happened With Me?
With the newborn, a lot of my time went to spending time with her. She’s amazing and exhausting. I’ve had to slow down a little on signing up to too much stuff, but I managed. I don’t think it’s going to be getting easier, so I need to be more comfortable with finishing existing projects without starting hundreds more. Always a problem; much easier to start something than see it to completion.
I got to co-teach the SANS FOR500 Windows Forensic Analysis class a few times; twice with Ovie Carroll and once with Kevin Ripa. It was a lot of fun teaching with very experienced folks, and also hanging out and talking forensics. I’ll be teaching on my own in Sydney in May. Come take a class with me! I didn’t get out to many conferences but I was there in spirit, and watched everyone have a great time from afar.
I also left the public service after 7 years and joined a really great team. It’s been a really interesting environment and I’ve learned a lot over the last 9 months. Definitely forcing me to improve, and giving me some great stories for class! Plus we’ve worked some really great cases so that’s good.
More of the same really. I haven’t got too many big plans for the blog or podcast. I keep saying that I’ll try to add a bit more of the threat hunting, incident response, and malware analysis content to the podcast but then run out of time. I may need a contributor for the podcast, but then timezones and time frames get messy (I generally just ad-hoc find 15-20 minutes on the last day of the month and go record. Adding other people makes that much harder).
I am helping out with the first DFRWS APAC in September, and I’ve mentioned that if anyone wants a sounding board for a talk or workshop then hit me up. I think it’ll be a lot of fun, and having a DFIR-focused conference on my doorstep is nice.
Otherwise there’s one or two things in the works that hopefully will be making appearances throughout the year, and I’m looking forward to that!
Signing off for the year, thanks to everyone for their continued support 🙂
Happy new year!