/now
A running snapshot of what’s in front of me right now: what I’m working on, reading, learning, or otherwise enjoying. Inspired by nownownow.com.
Working on
- A research paper on newly-surfaced Windows 11 Start Menu forensic artifacts as evidence of program execution and file/folder access. Early findings are promising enough that I think it’ll be worth the write-up.
- Also, I really want that sweet FOR500 class coin.
- ATLAS (working title), an analyst-facing enterprise baselining solution I’m building at Exfiltrace, my DFIR consulting and threat research arm.
- Authoring more DFIR training material over at TCM Security and/or Exfiltrace.
- Researching AI-augmented DFIR approaches: where language models help, where they mislead, and how to validate their output in a forensically sound way.
- Building out forensicate.net as a place to publish DFIR notes and tools.
Reading
- Applied Incident Response by Steve Anson.
- The Art of Memory Forensics by Ligh, Case, Levy, and Walters.
Learning
- Wrapping up the SANS.edu Graduate Certificate in Incident Response this year.