Please help contribute to the Reddit categorization project here

    FifthRendition

    + friends - friends
    1,217 link karma
    1,923 comment karma
    send message redditor for

    [–] Retrieving data from Chrome's Incognito mode on a powered off Android FifthRendition 1 points ago in computerforensics

    If you have access to Android device you might be able to test it prior to turning on the device itself. This way you can see the results yourself.

    [–] This is what teething looks like. Pictures taken one day apart. FifthRendition 3 points ago in daddit

    Yeah my daughter had inflammation of the cheeks. Couldn't figure out what was causing it. Seriously one of the best things I've seen here and I'm here literally everyday. Also explains her crying so much too. I figured it was new teeth coming in, but the cheeks nails it.

    [–] Forensic platforms that can use graphics cards leveraging FifthRendition 0 points ago in computerforensics

    Ty!

    I knew that password crackers use graphics cards, just seeing if there was anything else.

    [–] Digitizing and Streamlining Chain of Custody/QC Process FifthRendition 1 points ago in computerforensics

    So the question is, are you spending more time filling it out electronically, printing it, signing it, scanning it, then placing it in the right folder OR are you spending more time looking for it when you need it? CoCs are used for many reasons, mostly, imo is when you need to prove chain of custody for legal reasons. Are you really getting enough cause to justify all of that work? Maybe, maybe not. My guess is no.

    [–] Digitizing and Streamlining Chain of Custody/QC Process FifthRendition 2 points ago in computerforensics

    Thanks for the response. I get that you want the signature on digital. But does it actually have to be? That seems to be the biggest hangup. And are you doing a COC for every single HDD?

    And holy crap, 90 custodians is a lot. Perhaps your lab needs more help?

    [–] Getting a job in this field upon graduation? FifthRendition 5 points ago in computerforensics

    Not like it was back in the day. Shrooms are a different story, not entirely though. Just gotta be honest with it ALL. Investigatiors are very good at finding things, they talk to all of your contacts. It's pretty detailed. Also it depends on how long ago it was all well. If HS for you was 6 months ago, that's different than 10 years ago, etc.

    TBH, you're going to struggle at finding a job right out of college, no other way about it. My motto is and probably will be for a very long time, "Hard work puts you where good luck can find you."

    [–] Getting a job in this field upon graduation? FifthRendition 6 points ago in computerforensics

    DC area for DFIR is all Federal, whether it's direct with them or a contractor. You'll need to make sure, if that's what you want, that you can pass security clearances. Biggest thing about security clearances, obviously is the truth, but most people have issues with credit. DO NOT FUCK THAT UP. It will stay with you forever. When I mean forever, I mean it follows you everywhere you go. That being said, it doesn't mean you can't get student loans, but did you get too much and now you can't pay for them and are missing payments?

    As for the jobs themselves, start doing your research now. Follow #dfir on Twitter to who is hiring, etc. Network, network, network is key.

    [–] Surface Book 2 as a field laptop FifthRendition 3 points ago in computerforensics

    I don't see anything wrong with it, how many USB ports does it have? You could always just use a USB hub as well. If you are using it just for imaging, should be ok.

    You definitely want more ram, depending on the software you're using and what it's trying to process. And how many other things you're doing at the same time.

    [–] Digitizing and Streamlining Chain of Custody/QC Process FifthRendition 1 points ago in computerforensics

    So I have some questions. Maybe we'll be able to come up with a different solution for you.

    Why are you doing it electronically and then printing? How detailed are you doing it? What are you doing electronically that you can't do handwritten? What if you did it electronically, but then printed out, on a small sticker, the basic info needed for the HDD? Date, case, name, hash, etc. That can be done quickly and then it stays with the drive. Then you keep the COC electronic. Are you putting your signature on it and thats why you are rescanning it again? If so, why are you signing it? What makes you signing it different than having it printed out? Or you could just fill it out electronically, print it out to keep with the HDDs and not scan it back in? I get the electronic part, that makes sense. I get having q paper copy trail, that makes sense as well. Just don't know why you have to scan it back in.

    [–] Somehow still cute when covered in sick [Kid Picture] FifthRendition 2 points ago in daddit

    We have those bibs, they're pretty cool. And yeah, covered is no joke. My daughter threw up 2 times this week. One was crazy where it just kept coming out. She didn't cry or anything, weird.

    [–] Advice needed FifthRendition 1 points ago in computerforensics

    Nice! Thanks! We've got a big case going on now and I can throw some stuff at it and see what sticks.

    [–] Advice needed FifthRendition 1 points ago in computerforensics

    Even better, thanks!

    [–] Advice needed FifthRendition 1 points ago in computerforensics

    Sweet, thanks for the info.

    [–] Advice needed FifthRendition 1 points ago in computerforensics

    Hmmm. Completely automated? Interesting. How long does it take to go from 0-60? I wonder if SANs has some stuff on it on their site.

    I've got SANS training in q1 or q2 of 18, don't know if they'll incorporate that into the classes we're taking or not.

    [–] Advice needed FifthRendition 1 points ago in computerforensics

    Haven't heard of fresponse. I'll have to look into it.

    [–] Advice needed FifthRendition 1 points ago in computerforensics

    This is EXACTLY why we won't get cellebrite. And encase.

    [–] Picture is over a year old now, but it's still one of my favorites. FifthRendition 1 points ago in daddit

    OMG. Look at all that hair. So cute! I love the way she's holding her hand up hahaha.