No Pryor Knowledge
Ken Pryor (http://www.blogger.com/profile/06777221347861058406)
Feed last updated 2024-03-29

WinFE Course Review
Published 2023-07-25 (updated 2023-07-26)

Yesterday, I completed the WinFE course I mentioned in my last post. I wanted to do a review of the course because I found a lot of value in it. First, what is the Windows Forensic Environment (WinFE)? In short, it is a slightly modified portable Windows distribution
with software-based write-blocking capability for the acquisition of
digital media. It is based on the Windows

Learning and Research Ideas
Published 2023-07-22

What's this? Two, yes two posts. Not just in the same year, but even in the same month! What has gotten into me?

More Training

Yesterday, I completed a course I started a long while back but never finished. I signed up for the Autopsy 8 hour course from BasisTech (https://dfir-training.basistech.com/) and got around halfway through it but, as often happens with me, I got distracted and went

Forensics/Malware Courses and Tools
Published 2023-07-02

I've been working hard on forensic and malware related courses lately and having a lot of fun with it. I had almost forgotten how cool it was working on and learning this material. I thought I'd give a little update on my activities, so here it is. Take your No-Doz, this may be the longest post I've ever done.

Forensic and Malware Courses

In my last post, I mentioned that I was working on the

Accomplishments and Goals
Published 2023-05-21

Hello everyone! I'm back for yet another drive-by blog post. I've had a lot going on since my last post in December and I thought I'd catch you up a little.

First and foremost, I graduated! It happened 35 years later than I'd originally intended to, but I finally made it. I graduated with honors from Lincoln Trail College (also my awesome employer) last week.
It wasn't something I needed to do,

A Little Homelab and Life Update
Published 2022-12-19 (updated 2023-05-21)

I'm going to start writing more on my blog. No! Really! You do believe me, right? Ok, can't blame you if you don't. I come back to this from time to time and think this time I'm really going to dive into it, only to get sidetracked in some other direction. I promise I have a good excuse this time.

Since I last posted, I have gone back to school on a part-time basis while continuing to work

Setting up My Learning Environment
Published 2022-05-30

First, welcome to my renamed blog. I couldn't think of a good name for the blog years ago when I first started so I just settled for the most boring name I could think of, "Digital Forensics Blog". Granted, that was the main focus but it was just boring. A while back, I tweeted that I was looking for a better name. Phill Moore suggested Pryor Knowledge which I liked, but I decided to change it to

Ch Ch Ch Changes
Published 2022-05-14 (updated 2022-05-15)

I came back to this blog a little over a year ago or so thinking I'd really get back into writing. I was missing talking, thinking, doing and writing about forensics. I still do miss all those things but it seemed like I just couldn't find the time to really do anything about it. My job consumed so much of my time and energy that there just wasn't much left for anything else.
My last post here

Training! Cyber5W, CyberDefenders and more
Published 2021-06-06

Hello all, thanks for looking in.
As I continue trying to figure out what I want to be if/when I grow up, I'm
finding so many awesome learning resources, including websites that offer basic
introductions to DFIR and other infosec topics along with sites that have
challenges to work through. I mentioned in an earlier post that I was
considering a move toward learning to be a SOC analyst and that

Running Remnux on a Proxmox Server
Published 2021-04-03

One of the techy things I really enjoy is working with virtual machines. I decided to set up a VM server a while back. There are several to pick from, but just for the sake of learning something new I set up a Proxmox Virtual Environment. While the computer I installed it on is ancient (AMD Phenom X4 965 with 8GB RAM), it still seems to run pretty well. I've been running two different Ubuntu server

Feeling kinda blue (team)
Published 2021-03-19

Hello all! It took me much longer than I had planned to post again, but life has a way of keeping one busy. Between extra crazy hours at work, spending two weeks in bed "enjoying" the Covid-19 experience and otherwise just being busy as heck, I'm finally back to write a little.

In my last post, I said that I felt like it was unlikely I'd work in a digital forensics or any other security role ever

Where the heck have I been?
Published 2020-10-10 (updated 2021-01-25)

In the unlikely chance that someone will read this, I thought I'd just say hello and talk about what I've been doing since my last post nearly two years ago. Since then, I've disappeared from and then reappeared on social media and got a new job.

I'm currently in a job completely unrelated to anything I've ever done
before. I'm working for a national home improvement store chain in the

DFIR Training
Published 2018-12-04

Hello all! Back again, though not as soon as I had thought. Anyway, today I want to tell those who haven't already heard about the training offered by Brett Shavers. His courses have recently moved to a new home at https://www.patreon.com/DFIRtraining. This is where you will find all his current courses, as well as new courses as they come out. All courses are bundled and available for a monthly

Life Update, a little Object ID research and More
Published 2018-08-28 (updated 2021-11-29)

It's been just over two years since I retired from the police department. As a retiree, I've enjoyed a lot of time with my wife, kids and grandkids, spent a lot of hours on my tractor, taken many walks in the woods and generally enjoyed life. As much as I've enjoyed my time off, I've realized I'm too young to be "really" retired.
While trying to figure out what I want to be when (if) I grow up,

DFIR Reminiscing
Published 2017-06-30

Hello all. I have a new, mostly non-forensics blog that I occasionally post to. I just posted yesterday on a topic that I thought would be interesting to readers of this blog as well. The post is about fun/cool stuff I've acquired over the last few years from conferences and friends. Instead of re-posting it here, just take a look at the post on my Mental Field Trip blog.

2017 Forensic 4:cast Awards Nominations are Open!
Published 2017-02-02

Just in case anyone still stops by this blog, I wanted to post that nominations are now open for the 2017 Forensic 4:cast Awards. Click HERE to go and nominate your favorites. I think the 4:cast Awards are a very good thing for the DFIR community and encourage you to participate. Thanks to the great Lee Whitfield for continuing to run the awards program every year. Your efforts do not go

ArchC0n 2016
Published 2016-07-29

Hello Dear Readers. I have returned to the blogosphere (I hate that term) to remind you of a great security conference coming up. ArchC0n 2016 will be held August 26 at the Hyatt Regency in St. Louis.
This will be the third annual ArchC0n and once again it looks like it's going to be a great one. I've attended the previous events and had a great experience with each. I cannot recommend this

Farewell to a Friend
Published 2016-04-05

As many of you know already, our friend and fellow forensics practitioner, Ken Johnson, was killed last night when the vehicle he was riding in was struck by a drunk driver. To say that those who knew him are saddened by this is an understatement. Ken was a great guy and great at DFIR.
When Windows 8 arrived on scene, Ken began studying its file history and other related features. He became an

The End
Published 2016-02-24 (updated 2021-04-05)

The time has come to say farewell. My time in both law enforcement and in digital forensics is rapidly coming to an end. I have reached the age at which I decided long ago I wanted to retire from police work.
Despite my occasional gripes, law enforcement, specifically my department, has been very good to me and I am grateful. It has been an exciting, boring, depressing, thrilling, scary and

Addendum
Published 2015-05-13

I completely forgot to mention something in my last post. My friend Tom is doing a Year of Python series on his Ram Slack blog. He is posting a new Python 2 project each week for a whole year in his quest to learn. He's doing some very cool stuff and I recommend you check it out.

Nominations Open for 2014 Forensic 4cast Awards!
Published 2015-01-09

Hello all,
As the title of this post states, nominations are now open at the Forensic 4cast website for this year's awards. This awards ceremony has become a highly anticipated event each year at the SANS DFIR Summit in Austin, Tx. I'm proud to say I've been nominated twice and won once, winning the 2013 Digital Forensic Blog of the Year.
I've already got some nominations in mind for this

Happy New Year!
Published 2015-01-02

I have been absent from the blogging scene for a while now (again). To be honest, I haven't had a great deal worth writing about and didn't really have time anyway. I did want to mention a couple things, though.
I was pleasantly surprised to be nominated for election to the board of the Consortium of Digital Forensic Specialists and even more surprised to find out I got elected. I gave it

Book Review--Penetration Testing
Published 2015-01-01

Welcome to the long overdue review. I was contacted by the good people at No Starch Press early in 2014 and asked if I would like to review Penetration Testing by Georgia Weidman when it came out. I jumped at the chance, as I had no background in pen testing, but I've always found the subject interesting. I thought learning about attack techniques might help me be a better forensic investigator

ArchC0N
Published 2014-09-08

This past weekend, I was fortunate enough to attend the inaugural ArchCON in St. Louis, MO. It would be a massive understatement to say that I had a great time. I came away from the event feeling like my time had been well spent and that I had learned a lot.
The two-day event included optional training courses (for extra fee) on Friday. The two available courses were Malware Analysis, taught by

From China with Love? (Part 2)
Published 2014-07-13

In part 1 of this series, I detailed an intrusion to my SSH honeypot. If you didn't read part 1, you might want to for background info before reading this one.
Linux forensics/incident response is a new thing for me. I've never had occasion thus far to conduct a "real" investigation into a Linux machine. This "intrusion" into my honeypot inspired me to conduct my own attack and investigation so

Windows Forensic Environment Training Course Review
Published 2014-07-06

As I mentioned in my last post, Brett Shavers is offering a free course on the Windows Forensic Environment (WinFE). If you've never heard of WinFE, it's a Windows Forensic boot CD and it's highly customizable for your individual needs. In the past, the build process was a bit cumbersome, but several different improved ways of building it have since been created. Brett has been a champion of