It’s nomination time again for the Forensic 4cast Awards, held at the SANS DFIR Summit in Austin, Texas. I thought I would post up my nominations to recognise all the people and teams that have contributed to the #DFIR community over the last year.
There’s less than a week to go, so get your nominations in to show your appreciation!
DFIR Commercial Tool of the Year
- Magnet AXIOM – They made some great strides with adding a variety of artefacts and features. The big thing was the Mac artefacts and the re-done timeline.
- X-Ways Forensics – A powerful forensic suite that has some amazing features.
- Cellebrite UFED – Mainly for adding full file system extractions based on Checkra1n into the hands of all examiners. Previously this level of access was only for LE or jailbroken devices.
- Arsenal Image Mounter – This tool is my current go-to image mounting tool, and the instant virtualisation has been fantastic too.
DFIR Non-commercial Tool of the Year
- KAPE – KAPE in principle is a very simple tool. It collects and parses artefacts based on a series of targets and modules. But the speed and versatility of this tool makes it really awesome. If you haven’t looked at it yet, I’d highly recommend it!
- Velociraptor – This open-source agent (and server, and sometimes not agent, it does a lot) allows for network-wide host-based DFIR collection, analysis, remediation, and monitoring.
- iLEAPP – Alexis Brignoni has done an amazing job combining all the available iOS parsers into an easy-to-use package.
DFIR Show of the Year
- Forensic Lunch – Dave and Matt do a great job every time they run a Forensic Lunch (usually twice a month), though it hasn’t run that much so far this year.
- Digital Forensic Survival Podcast – Michael has a show every week without fail. It’s a great resource for examiners to go back to and refresh themselves on the variety of topics that are covered.
- 13cubed by Richard Davis – Well-produced and informative videos.
- I’ll also throw the ‘This Month In 4n6’ monthly podcast in the ring, although it’s not nearly as deserving as the others.
DFIR Blog of the Year
There are so many great blogs, and people who I wish had more time to post more!
- HECFBlog – Dave is a given nomination for blog of the year, even though he only posted for half the year.
- Initialization Vectors – Alexis Brignoni has consistently put out some great research and tools on his blog. If you do mobile forensics you should be reading this.
- The Binary Hick – Josh Hickman puts a considerable amount of effort into every post that he does, as well as putting out well-documented Android dumps for people to play with.
- Elcomsoft – Oleg and Vladimir regularly put out some great content, primarily focusing on mobile devices and encryption.
DFIR Book of the Year
- Good question! I don’t actually have a nomination for this one.
DFIR Article of the Year
- iLEAPP: iOS Logs, Events, And Properties Parser – Even if you don’t use this tool, just read the conclusion of the post.
- Windows Event Logs – Mike’s excellent article on event logs.
- The Office Document Cache and Introducing ODC Recon – Part I – Some excellent research on cached documents.
DFIR Social Media Contributor of the Year
DFIR Degree Program or Training Class of the Year
- I’m biased as I’m on my way to being a FOR500 instructor. So I’ll say the FOR500 class!
- We also saw the debut of the FOR498 class which I’ve heard great things about.
DFIR Groundbreaking Research of the Year
- Sysdiagnose – The research conducted by Mattia Epifani, Heather Mahalik, and Cheeky4n6Monkey.
- Checkm8 – The discovery of the Checkm8 vulnerability by axi0mX has allowed for an amazing advance in iOS mobile forensics. Whilst previously the ability to obtain a full file system extraction was limited to jailbreaking or LE-only tools, now this level of access is afforded to everyone.
- Analysis of the Amcache – Blanche Lagny put out a very comprehensive paper about the Amcache that’s well worth a read.
- BlackBag’s work on acquiring physical images from Macs with T2 chips.
DFIR Newcomer of the Year
DFIR Resource of the Year
These all go without saying. If you don’t go to any of these sites, you’re missing out on valuable information.
DFIR Team of the Year
- My team! Klein and co.
- The SANS DFIR team.
Yes, I’m biased.
Digital Forensic Investigator of the Year
Usually I put multiple people here. I’m just putting one this time. Not because there aren’t others who are deserving. I just know that he qualifies as an investigator, and does a ridiculous amount to help others, particularly in the mobile forensics space.
There are plenty of others in every category, and if you believe that someone should be nominated, then definitely go ahead and nominate them.