The Hitchhiker's Guide to DFIR: Experiences From Beginners and Experts

Andrew Rathbun is a DFIR professional with multiple years of experience in law enforcement (sworn and civilian) and the private sector. Andrew is involved in multiple community projects, including but not limited to: the Digital Forensics Discord Server and multiple GitHub repositories.

ApexPredator is a cybersecurity professional with several years of experience as a Systems Administrator. ApexPredator has a MS in Cybersecurity and Information Assurance and holds several cybersecurity certifications including OSCE3, OSWE, OSEP, OSED, OSCP, OSWP, GREM, GXPN, GPEN, GWAPT, GSLC, GCIH, GCIA, and GSEC.

Kevin Pagano is a digital forensics analyst, researcher, blogger and contributor to the open-source community. He holds a Bachelor of Science in Computer Forensics from Bloomsburg University of Pennsylvania and a Graduate Certificate in Digital Forensics from Champlain College. Kevin is a member of the GIAC Advisory Board and holds several industry certifications, including the GIAC Advanced Smartphone Forensics (GASF), GIAC Certified Forensic Examiner (GCFE), and GIAC Battlefield Forensics and Acquisition (GBFA), and the Certified Cellebrite Mobile Examiner (CCME) among others.

Kevin is the creator of the Forensics StartMe page and regularly shares his research on his blog stark4n6.com. He is a published author with multiple peer-reviewed papers accepted through DFIR Review. Kevin also contributes to multiple open-source projects, including but not limited to ALEAPP, iLEAPP, RLEAPP, CLEAPP and KAPE.

Kevin is a regular competitor in the digital forensics CTF circuit. He has won First Place in the Magnet User Summit DFIR CTF 2019, the Magnet Virtual Summit DFIR CTF 2021, the Magnet User Summit DFIR CTF 2022, the Magnet Weekly CTF 2020, the Wi-Fighter Challenge v3 CTF, the Belkasoft Europe 2021 CTF, and the BloomCON CTF in 2017, 2019, 2021 and 2022. He additionally is a SANS DFIR NetWars Champion and NetWars Tournament of Champions winner and has earned multiple Lethal Forensicator coins. Kevin is a 4-time Hacking Exposed Computer Forensic (HECF) Blog Sunday Funday Winner.

In his spare time, Kevin likes to drink beers and design DFIR-themed designs for stickers, clothing, and other swag. You can find him lurking on Twitter (https://twitter.com/kevinpagano3) and on the DFIR Discord.

Nisarg is an independent researcher, a blue teamer, CTF player and a blogger. He likes to read material in DFIR; old and new alike, complete investigations on platforms like CyberDefenders and BTLO, and network with other forensicators to learn and grow mutually.

John Haynes works in law enforcement with a focus on digital forensics. John holds several digital forensics certs including Cellebrite Certified Mobile Examiner (CCME) and Magnet Certified Forensics Examiner (MCFE) and also holds the networking Cisco Certified Network Associate (CCNA) certification. Having only been active in digital forensics since 2020, his background as a curious nerd has served him well as he has just started exploring what digital forensics has to offer.

A life long IT aficionado, Guus Beckers (1990), completed the Network Forensic Research track at Zuyd University of Applied Sciences as part of his bachelor’s degree. In 2016 he attained his university master degree at Maastricht University by completing the Forensics, Criminology and Law master’s program. Guus currently works as a security consultant at Secura where he leads the forensic team in addition to performing penetration testing. 

Barry Grundy has been working in the field of digital forensics since the mid 1990s. Starting at the Ohio Attorney General's office as a criminal investigator, and eventually joining U.S. Federal Law Enforcement as a digital forensics analyst and computer crimes investigator in 2001. He holds a Bachelor of Science in Forensic Science from Ohio University, and A Master's Degree in Forensic Computing and Cybercrime Investigations from University College Dublin.

Barry is the author and maintainer of the Law Enforcement and Forensic Examiner's Introduction to Linux ([LinuxLEO (https://linuxleo.com)). This practical beginner's guide to Linux as a digital forensics platform has been available for over 20 years and has been used by a number of academic institutions and law enforcement agencies around the world to introduce students of DFIR to Linux. Teaching, particularly Linux forensics and open source DFIR tools, is his passion.

An avid blue team leader helping to secure the healthcare industry. Despite being blue team focused, Tristram brings the enemy mindset to the table through various offensive skillsets in order identify gaps and validate existing controls. Cybersecurity is a field that will always have its place as the threat of cybercrime continues to grow, and through knowledge sharing we can help bridge that gap; Be the resource you always wish you had, and we will all be better off for it.

Breaker of things (mostly things that they shouldn't break). Writer of broken code. s3raph has worked in DFIR, Threat Hunting, Penetration Testing, and Cyber Defense and still somehow has a job in this field.

After serving in the US Navy for five years, Jason Wilkins began a career in firefighting and emergency medicine. While serving the community in that capacity for fourteen years he obtained associates degrees in criminal justice and computer networking from Iowa Central Community College online. He left the fire department in 2014 to pursue a network analyst position working for a global tire manufacturer. Disillusioned by a lack of mission and purpose, he returned to public safety in 2019 and began working as a crime & intelligence analyst for the local police department. It was there that he developed the agency's first digital forensics lab and started the N00B2PR04N6 blog. In 2020 he was nominated as Newcomer of the Year in the Digital Forensics 4:Cast awards and has spoken at both the SANS Digital Forensics and Magnet Forensics Summits. He currently works as an overseas contractor teaching digital forensics and is also an adjunct instructor for digital forensics and incident response at Iowa Central Community College.

Mark Berger is a data recovery professional, author and trainer which also holds several digital forensics related certifications, including but not limited to CDFE and CDFP. He is also involved in a few opensource-projects in the data recovery and digital forensics field.

Evangelos Dragonas is a PhD candidate at the Department of Digital Systems, University of Piraeus (Greece). His research focuses on the field of Digital Forensics, with a particular interest in IoT Forensics. He works as a Digital Forensics Examiner and holds CFCE, MCFE, and MCME certifications.