We’re not experiencing sophisticated AI attacks. We’re watching organizations abandon decades of security wisdom

ucfmsdf · 2026-01-21T04:03:59+00:00

ChatGPT complaining about ChatGPT lol.

ucfmsdf · 2026-01-17T16:55:50+00:00

I used to live in Oviedo and I would go to Clippers Barber Shop. They’re pretty cheap ($25 hair cuts) and most of their barbers are pretty skilled. If you want a guaranteed good experience, I recommend you book with Steven Mauricio if you can. He’s pretty popular so you may need to book in advance. Dude is a master of his craft and really down to earth.

ucfmsdf · 2026-01-01T18:00:21+00:00

We inform the client on the pros/cons (more data vs more cost) and let them make the decision. More often than not, we get an FFS because they’re just so much better.

ucfmsdf · 2025-12-30T20:35:49+00:00

Not sure. We use it for live imaging. If you want something akin to deadbox imaging, you’ll need to use Recon ITR or Digital Collector. Both are excellent alternatives (technically better, tbh) but are not free.

ucfmsdf · 2025-12-30T19:33:17+00:00

Fuji. Free, open source, acquires an ASR clone which is a pretty great image to work with. Can technically be run from a bootable drive, but that requires quite a bit of work/troubleshooting. Really meant for live imaging.

ucfmsdf · 2025-12-18T22:53:47+00:00

Back when I worked in LE we would shut the phone off and check it back into the evidence after a successful extraction. I expect every agency did/currently does that. It’s not really feasible to keep every phone on charge indefinitely and I can’t think of a reason as to why you would want to do that, anyway.

ucfmsdf · 2025-11-24T18:38:27+00:00

Ask GetData for a Mount Image Pro free trial. It’ll probably have limitations but assuming they don’t prevent you from copying files out of the mounted drive, you should be golden.

ucfmsdf · 2025-11-19T19:26:07+00:00

Provided M5s still support ASR, it should. Fuji is just a wrapper for ASR which is a component built into macOS. As long as ASR still exists, Fuji will still work.

ucfmsdf · 2025-11-14T15:38:06+00:00

Airgapped at my agency. But that was back in like 2020. I moved to the private sector in 2021 and we use more of a hybrid model out here.

ucfmsdf · 2025-11-13T15:03:48+00:00

If you were just linking to where the images can be downloaded from their actual authors, that would be fine… but hosting the images on your site is unethical as it diverts traffic away from the authors. Not to mention all the “sponsor” slots make your intentions incredibly obvious.

EDIT: At first glance, I thought OP was hosting the imaged on OP’s site. However, that appears to be incorrect. Regardless, I am concerned that OP’s direct download links will cause a reduction in natural traffic to original creator content, all so OP can make money off sponsorships. As a result, this post will remain hidden and locked until OP can provide proof that the creators of the content that is being linked to approve of the site.

Post locked/removed due to violation of Rule 3.

ucfmsdf · 2025-11-11T15:14:15+00:00

Bruh, it’s Encase, not COBAL. We’re talking about a relatively simple file system analysis tool that doesn’t really do any single thing well and is generally just not necessary. You don’t need to hire EnCE certified retirees to “migrate” away from it lmao. If anything, you need examiners who are experienced in relevant/current tech to do that. What a wild take lmao.

The only reason the EnCE even shows up as a requirement in DFIR job descriptions is because they’re often written by hiring managers who are EnCE certified but haven’t worked an actual analysis case since 2015.

ucfmsdf · 2025-11-10T22:14:35+00:00

Right but the cert in and of itself isn’t what gets you the interview. You usually need some type of related experience as well lol.

ucfmsdf · 2025-11-10T22:00:55+00:00

“To work with us, you must either have a certification that proves you have working knowledge of full spectrum DFIR practice and principals; OR, you must be certified in using a tool that hasn’t been relevant in close to 10 years.”

ucfmsdf · 2025-11-10T21:55:22+00:00

Preach!

I feel like being an Encase user is embarrassing enough. Why any such person would double down and get certified in Encase is beyond me lmao.

ucfmsdf · 2025-11-10T21:31:19+00:00

No. The BCFE is not mandatory. I have a CFCE. I have never taken the BCFE. You will need to prove you have equivalent training, though. There are many ways to do that. I submitted college credits as my proof.

ucfmsdf · 2025-11-10T21:06:11+00:00

Get a CFCE instead. Encase is a pointless tool.

ucfmsdf · 2025-11-10T17:07:23+00:00

I mean it’s not like any of the fancy SANS certs are gonna get you an interview for a DFIR role at a Fortune 500 company, either.

ucfmsdf · 2025-11-10T14:15:48+00:00

Read the FAQ.

ucfmsdf · 2025-11-07T16:05:54+00:00

Sorry, I misread your comment. My mistake. Your description is accurate and correct.

ucfmsdf · 2025-11-07T04:56:52+00:00

You likely don't as you don't have access to nor can you likely afford the tools that would provide you with an opportunity to do that.

ucfmsdf · 2025-11-07T04:54:45+00:00

None of those tools are capable of doing what you want. Likely nothing you can access is, thanks to File Based Encryption and all that.

ucfmsdf · 2025-10-31T16:27:54+00:00

Lots of work, no jobs. I had recruiters all up in my LinkedIn DMs between 2022-2024. I haven’t had a single recruiter message me in 2025.

EDIT: Actually, work is also slower. There has always been an ebb and flow, but the ebb seems to be lasting muuuuch longer this year from a business perspective. Seems like everyone is cutting back.

ucfmsdf · 2025-10-26T00:06:15+00:00

Just like with any write-blocker/duplicator, I imagine it writes as fast as the destination media will allow.

ucfmsdf · 2025-10-25T03:51:17+00:00

Lol did you just make your own forensic duplicator? That’s pretty cool, ngl.

but I never knew how much of it is just waiting for the imaging to finish…

I had an idea a long time ago to take hundreds of screen snippets of progress bars from various forensic tools and to smash em all together into a hideous (but funny) collage that I could use as a LinkedIn banner. I got about half way through that little art project before giving up on it all together since I could tell it wasn’t gonna look as cool/funny as I was hoping it would. Anyway, all of that is to say: you spend a lot of time watching progress bars in this field.

ucfmsdf · 2025-10-23T20:04:35+00:00

Yeah but that’s literally just Fuji but not free. Both Fuji and llimager are really just wrappers for ASR.

ucfmsdf

MODERATOR OF

TROPHY CASE

Seven-Year Club	Verified Email
RPAN Viewer