This site is all about attribution in DFIR. 

The training courses directly target how to work a case (thinking, doing, methods, processes, etc...) and not the technical skills (well, maybe a few!).

There are plenty of technical courses that teach how to pull data and analyze it, but none that teach what to do with it!

Free resources are great! That's why I run the www.dfir.training website and I encourage using every free resource you can find.

But this is a little different. I am personally interacting and supporting those who are actively engaged with this website.

Also, to get the most out of learning, you need to pinch yourself in order to be forced to focus.  Pinching is usually best done by having to invest in yourself.

Well, no one actually, but I am running it.

The community discussion board is new, but will be self-run by everyone who needs it (plus me chiming in!).

My input will be in how I can inspire or guide you in your casework, to do better, to do faster, and to do more accurately. 

Focus on casework.

We too often stick ourselves 'in the box/data' and forget that we are working on a case. Whether it be a digital forensics case or an incident response matter, we are working on those as a case whether or not they are intended to be legal cases.

We also tend to forget that we are human trackers. DFIR, in a nutshell, is tracking criminals.

Everything on this site is intended to guide you through that goal.

Tips, tricks, methods, processes, and procedures geared to place a suspect at a device, at a specific place and time.