The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books: "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Monday, December 08, 2014
10 Years of Blogging
That's right...my first blog post was ten years ago today. Wow.
Over the past ten years, some things have changed, and others haven't.
As the year comes to a close, don't forget about the WRF 2/e Contest.
Harlan, Congrats. I believe I have been enjoying your posts for almost that long. Thanks and keep them coming.
Walt Bobby
Walter, thanks.
Any thoughts on what I could do to improve the content?
Harlan,
Congrats on the achievement. Ever since I entered this field I have seen blogs come and go; but yours has been a mainstay in our field over the years. Being able to continue producing new and different content month in and month out is a great accomplishment. Keep up the good work.
Congratulations, Harlan! Ten years of DFIR blogging is a tremendous accomplishment. Thank you for taking the time to share so much with the community.
Chad,
Thanks. Any thoughts on what I might do to improve the content?
Congratulations Harlan for reaching this milestone!
I deeply appreciate your postings and have no doubts you are making a difference in my humble sysadmin and incident response skills and approaches.
I have so much to learn and your posts help me to refine where I need to apply my learning growth.
I also appreciate the personalized comments and advice (and shout-outs) you provide to me as a blogger. The encouragement keeps me going when blogging enthusiasm is slow or my focus is a bit off the mark.
As for recommendations? Keep up the technical posts. I particularly benefit from "the case of" type posts that walk through a scenario and its response/post-analysis. Not only do they help me learn new approaches and methods, but help me step out of the trap of "there's just one way to do it" in my own responses. Those can probably be more challenging to compose if based on "real-life" situations (changing details to protect the innocent/p0wned) but they help so much.
One other thing I might enjoy is another "sidebar" link page under your "Pages" listing other books, online courses, etc. that in your considerable experience and wisdom you might encourage us padawan sysadmin incident responders with so that we don't muck things up for the Jedi masters but actually learn. Not only will our skills improve but we might better apply IR best-practices at the get-go in case we do find (or have to make the case for) escalation and hand-off to the IR masters...despite organizational challenges and buy-in to do so (rather than just comply with a wipe/reimage/move-on order).
Cheers!
-Claus Valca
Claus,
Thanks, I know that I've enjoyed your blog over the years, as well.
Re: Technical posts...I can keep that up, but one thing I've noticed over time is that while lots of folks want to see things like that, few are willing to share any of their own stories.
Re: Courses, etc. - I don't think I can speak competently to that, sorry. The only training course I've taken in recent years is the memory forensics course from Volatility, which is THE BOMB DIGGITY.
Hi Harlan,
Congrats on the milestone. I picked up two of your books this past week, Registry Forensics and the latest edition of the Windows Forensic Analysis series. I just finished my MS focusing on forensics and have read a bunch of forensics related books over the last 4 years. I can confidently say that your books are by far my favorite. My only complaint is that you don't have many more books on the market. I can't get enough! I'm glad I found your blog.
Armindo,
My only complaint is that you don't have many more books on the market.
Well, I don't know about more books, but I've wanted to provide more coverage of other things (Windows Phone, etc.) but I can't do that without support from the community.
Thanks for your comments.