Email the Author

You can use this page to email Andrew Rathbun, ApexPredator, Kevin Pagano, Nisarg Suthar, John Haynes, Guus Beckers, Barry Grundy, Tristram, Victor Heiland, Jason Wilkins, Mark Berger, and Evangelos Dragonas about The Hitchhiker's Guide to DFIR: Experiences From Beginners and Experts.


About the Book

DFIR = Digital Forensics and Incident Response

This is a book written for the DFIR community, by the DFIR community.

This book will continue to be updated as the authors complete more chapters. For more information on the development and progress of this book, go here.

Version 1.0 was released on 8/15/2022 with an introduction and ten chapters. As more chapters are completed, subsequent versions will be released. When all is said and done, the final chapter count should be around twenty. The completion percentage will be based on twenty chapters for the time being. Every chapter published is a completed work product, but the book itself is still building up to its end goal of twenty chapters.

Profits from this book have been and will continue to be donated to the National Center for Missing & Exploited Children (NCMEC). Thank you for your support!


About the Editors

Andrew Rathbun

@bunsofwrath12

Andrew Rathbun is a DFIR professional with multiple years of experience in law enforcement (sworn and civilian) and the private sector. Andrew is involved in multiple community projects, including but not limited to: the Digital Forensics Discord Server and multiple GitHub repositories.

ApexPredator

ApexPredator is a cybersecurity professional who also happens to be the top of the food chain. ApexPredator holds several cybersecurity related certifications to include OSCE3, OSCP, GPEN, GWAPT, GREM, GXPN, GCIA, GCIH, GSLC, and GSEC.

Kevin Pagano

@kevinpagano3

Kevin Pagano is a digital forensics analyst, researcher, blogger and contributor to the open-source community. He holds a Bachelor of Science in Computer Forensics from Bloomsburg University of Pennsylvania and a Graduate Certificate in Digital Forensics from Champlain College. Kevin is a member of the GIAC Advisory Board and holds several industry certifications, including the GIAC Advanced Smartphone Forensics (GASF), GIAC Certified Forensic Examiner (GCFE), and GIAC Battlefield Forensics and Acquisition (GBFA), and the Certified Cellebrite Mobile Examiner (CCME) among others.

Kevin is the creator of the Forensics StartMe page and regularly shares his research on his blog stark4n6.com. He is a published author with multiple peer-reviewed papers accepted through DFIR Review. Kevin also contributes to multiple open-source projects, including but not limited to ALEAPP, iLEAPP, RLEAPP, CLEAPP and KAPE.

Kevin is a regular competitor in the digital forensics CTF circuit. He has won First Place in the Magnet User Summit DFIR CTF 2019, the Magnet Virtual Summit DFIR CTF 2021, the Magnet User Summit DFIR CTF 2022, the Magnet Weekly CTF 2020, the Wi-Fighter Challenge v3 CTF, the Belkasoft Europe 2021 CTF, and the BloomCON CTF in 2017, 2019, 2021 and 2022. He additionally is a SANS DFIR NetWars Champion and NetWars Tournament of Champions winner and has earned multiple Lethal Forensicator coins. Kevin is a 4-time Hacking Exposed Computer Forensic (HECF) Blog Sunday Funday Winner.

In his spare time, Kevin likes to drink beers and create DFIR-themed designs for stickers, clothing, and other swag. You can find him lurking on Twitter (https://twitter.com/kevinpagano3) and on the DFIR Discord.

Nisarg Suthar

@nisargsuthar12

Nisarg is an independent researcher, a blue teamer, CTF player and a blogger. He likes to read material in DFIR; old and new alike, complete investigations on platforms like CyberDefenders and BTLO, and network with other forensicators to learn and grow mutually.

John Haynes

John Haynes works in law enforcement with a focus on digital forensics. John holds several digital forensics certs including Cellebrite Certified Mobile Examiner (CCME) and Magnet Certified Forensics Examiner (MCFE) and also holds the networking Cisco Certified Network Associate (CCNA) certification. Having only been active in digital forensics since 2020, his background as a curious nerd has served him well as he has just started exploring what digital forensics has to offer.

Guus Beckers

A lifelong IT aficionado, Guus Beckers (1990) completed the Network Forensic Research track at Zuyd University of Applied Sciences as part of his bachelor’s degree. In 2016 he attained his university master’s degree at Maastricht University by completing the Forensics, Criminology and Law master’s program. Guus currently works as a security consultant at Secura, where he leads the forensic team in addition to performing penetration testing.

Barry Grundy

Barry Grundy has been working in the field of digital forensics since the mid 1990s. He started at the Ohio Attorney General's office as a criminal investigator and eventually joined U.S. Federal Law Enforcement as a digital forensics analyst and computer crimes investigator in 2001. He holds a Bachelor of Science in Forensic Science from Ohio University and a Master's Degree in Forensic Computing and Cybercrime Investigations from University College Dublin.

Barry is the author and maintainer of the Law Enforcement and Forensic Examiner's Introduction to Linux (LinuxLEO, https://linuxleo.com). This practical beginner's guide to Linux as a digital forensics platform has been available for over 20 years and has been used by a number of academic institutions and law enforcement agencies around the world to introduce students of DFIR to Linux. Teaching, particularly Linux forensics and open source DFIR tools, is his passion.

Tristram

@JDTristram

An avid blue team leader helping to secure the healthcare industry. Despite being blue team focused, Tristram brings the enemy mindset to the table through various offensive skillsets in order to identify gaps and validate existing controls. Cybersecurity is a field that will always have its place as the threat of cybercrime continues to grow, and through knowledge sharing we can help bridge that gap. Be the resource you always wish you had, and we will all be better off for it.

Victor Heiland

Breaker of things (mostly things that they shouldn't break). Writer of broken code. s3raph has worked in DFIR, Threat Hunting, Penetration Testing, and Cyber Defense and still somehow has a job in this field.

Jason Wilkins

@TheJasonWilkins

After serving in the US Navy for five years, Jason Wilkins began a career in firefighting and emergency medicine. While serving the community in that capacity for fourteen years he obtained associates degrees in criminal justice and computer networking from Iowa Central Community College online. He left the fire department in 2014 to pursue a network analyst position working for a global tire manufacturer. Disillusioned by a lack of mission and purpose, he returned to public safety in 2019 and began working as a crime & intelligence analyst for the local police department. It was there that he developed the agency's first digital forensics lab and started the N00B2PR04N6 blog. In 2020 he was nominated as Newcomer of the Year in the Digital Forensics 4:Cast awards and has spoken at both the SANS Digital Forensics and Magnet Forensics Summits. He currently works as an overseas contractor teaching digital forensics and is also an adjunct instructor for digital forensics and incident response at Iowa Central Community College.

Mark Berger


Mark Berger is a data recovery professional, author and trainer who also holds several digital forensics related certifications, including but not limited to CDFE and CDFP. He is also involved in a few open-source projects in the data recovery and digital forensics field.

Evangelos Dragonas

@theAtropos4n6

Evangelos Dragonas is a PhD candidate at the Department of Digital Systems, University of Piraeus (Greece). His research focuses on the field of Digital Forensics, with a particular interest in IoT Forensics. He works as a Digital Forensics Examiner and holds CFCE, MCFE, and MCME certifications.
