Published Date : May 1, 2022 , atropos4n6
Needless to say, it is this time of year again that we gather and pay our tributes to those who despite the challenges of life and work they keep showing up and make our DFIR community a better place. I am so grateful to each one of them and hope more of us will join them in contributing back to this community. Almost at the end of the deadline, I finally managed to save some spare time in order to submit my 4cast nominations. I am so glad I made it on time. It is a simple yet soo important task to do. If you haven't done it already then you may do it here: https://forms.gle/g6hDp9uaErvoNzt68 (Only a few hours are left, the clock is ticking!!). So, without further due here are my nominations (for the year 2021):
DFIR Commercial Tool of the Year
AXIOM can be used with pretty much any case or evidence. It will parse for you the majority of the artifacts there are there. Team Magnet constantly expands its support and parsing/carving capabilities in a way that the convenience AXIOM offers, makes it really challenging to work a case without it. Such a great tool for analysis that definitely worth the investment.
Cellebrite UFED and Oxygen Detective are great tools too. Combined they support both the extraction and analysis of almost every cellphone on the market. When one does not support a satisfying extraction of a device the other will step in and vice versa. Both of these tools have helped me a lot in the past. Another point to mention is their excellent support (at least from personal experience at the Digital Forensics Discord Server). Whenever I needed them, I got my support within hours, minutes or even seconds sometimes. Congrats to you both!
X-WAYS is another great piece of software that shouldn't miss from someone's DFIR toolkit. At a really competitive price, X-WAYS supports almost any File System and can tackle a variety of complex DFIR tasks. What I like the most about this tool is the speed with which you can navigate through the whole file system of your evidence and at the same time see which folders have files within or not.
DFIR Non-commercial Tool of the Year
xLEAPP refers to a set of DFIR open-source tools developed by Alexis Brignoni (@AlexisBrignoni). I use all the tools from the xLEAPP family all the time and have to admit that some of the artifacts parsed by these tools are not parsed by commercial tools that cost a small fortune. These tools get regularly updated not only from Alexis but from the whole DFIR community as well. If you haven't tried them yet, you can get them for free from here: https://github.com/abrignoni
DFIR Show of the Year
Magnet Forensics Presents: Cache Up and Forensic Happy Hour are two shows where their hosts (Jessica Hyde @B1N2H3X and Lee Reiber @Celldet respectively) invited and spoke with many renowned DFIR people. I found those conversations both really interesting and educating and they helped me learn something new.
Cellebrite iBeg to DFIR is a show hosted by Heather Mahalik @HeatherMahalik where DFIR concepts, scenarios and artifacts are presented by her and other DFIR experts. I find that show really helpful with my cases and especially some episodes are a goldmine of information (e.g. Episode 15)
DFIR Blog of the Year
The Binary Hick is Josh Hickman's @josh_hickman1 blog. It is full of great content and thorough research. I admire the time and effort he has put into it and I am grateful as I have used his research many times in my cases.
Ian Whiffin @BlakDouble maintains DoubleBlak. If you are interesting in iOS forensics you should definitely visit his blog. It has some great posts with many hours of testing backing them up.
Stark4n6 is Kevin Pagano's @KevinPagano3 blog. Kevin has written some great posts as well. His research is consistent and always up to date. I visit his blog regularly.
DFIR Article of the Year
DFIR Social Media Contributor of the Year
Jessica Hyde does a great job contributing back to the community in so many diverse ways.
DFIR Degree Program or Training Class of the Year
A training class I attended last year and was taken aback by its superb quality. Even if it is not a tool agnostic course, it does a great job in pointing out where someone should dive into to locate important Windows artifacts.
DFIR CTF / Challenge of the Year
DFIR Mentor of the Year
DFIR Resource of the Year
I use all of the aforementioned resources all the time. Either for updating my knowledge or asking something I do not know these resources are my first go to place. Absolutely phenomenal job. I would like to see them all win if possible.
DFIR Team of the Year
Digital Forensic Investigator of the Year
Alexis has done so much for this community. He is so consistent and devotes so much time in maintaining/updating his xLEAPP tools for everyone to use. He absolutely deserves this award. Researching is always time consuming and when it is not your main field of work, it means that you have to sacrifice all of your spare time. Hats off to him and everyone else of the aforementioned ones that act in the same way.
I may have not included all the DFIR contributors there out there but that does not mean I forgot you. I would like to thank you all for contributing back to this community. Together we can make DFIR even greater.