Monday, December 08, 2014

10 Years of Blogging

That's first blog post was ten years ago today.  Wow.

Over the passed ten years, some things have changed, and others haven't.

As the year comes to a close, don't forget about the WRF 2/e Contest.


Unknown said...

Harlan, Congrats. I believe I have been enjoying your posts for almost that long. Thanks and keep them coming.

Walt Bobby

H. Carvey said...

Walter, thanks.

Any thoughts on what I could do to improve the content?

Corey Harrell said...


Congrats on the achievement. Every since I entered this field I have seen blogs come and go; but yours has been a mainstay in our field over the years. Being able to continue producing new and different content month in and month out is a great accomplishment. Keep up the good work.

Chad Tilbury said...

Congratulations, Harlan! Ten years of DFIR blogging is a tremendous accomplishment. Thank you for taking the time to share so much with the community.

H. Carvey said...


Thanks. Any thoughts on what I might do to improve the content?

Claus Valca said...

Congratulations Harlan for reaching this milestone!

I deeply appreciate your postings and have no doubts you are making a difference in my humble sysadmin and incident response skills and approaches.

I have so much to learn and your posts help me to refine where I need to apply my learning growth.

I also appreciate the personalized comments and advice (and shout-outs) you provide to me as a blogger. The encouragement keeps me going when blogging enthusiasm is slow or my focus is a bit off the mark.

As for recommendations? Keep up the technical posts. I particularly benefit from "the case of" type posts that walk through a scenario and its response/post-analysis. Not only do they help me learn new approaches and methods, but help me step out of the trap of "there's just one way to do it" in my own responses. Those can probably be more challenging to compose if based on "real-life" situations (changing details to protect the innocent/p0wned) but they help so much.

One other thing I might enjoy is a another "sidebar" link page under your "Pages" listing other books, online courses, etc. that in your considerable experience and wisdom you might encourage us padawan sysadmin incident responders with so that we don't muck things up for the Jedi masters but actually learn. Not only will our skills improve but we might better apply IR best-practices at the get-go in case we do find (or have to make the case for) escalation and hand-off to the IR masters...despite organizational challenges and buy-in to do so (rather than just comply with a wipe/reimage/move-on order).


-Claus Valca

H. Carvey said...


Thanks, I know that I've enjoyed your blog over the years, as well.

Re: Technical posts...I can keep that up, but one thing I've noticed over time is that while lots of folks want to see things like that, few are willing to share any of their own stories.

Re: Courses, etc. - I don't think I can speak competently to that, sorry. The only training course I've taken in recent years is the memory forensics course from Volatility, which is THE BOMB DIGGITY.

Mindo said...

Hi Harlan,

Congrats on the milestone. I picked up two of your books this past week, Registry Forensics and the latest edition of the Windows Forensic Analysis series. I just finished my MS focusing on forensics and have read a bunch of forensics related books over the last 4 years. I can confidently say that your books are by far my favorite. My only complaint is that you don't have many more books on the market. I can't get enough! I'm glad I found your blog.

H. Carvey said...


My only complaint is that you don't have many more books on the market.

Well, I don't know about more books, but I've wanted to provide more coverage of other things (Windows Phone, etc.) but I can't do that without support from the community.

Thanks for your comments.