Dr. Brian Carrier

Brian founded Sleuth Kit Labs to enable front line digital investigators to effectively fight digital crime. The team he leads was part of BasisTech for 15 years prior to spinning out in 2023. Brian is the author of the book File System Forensic Analysis and developer of several open source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon) and ResponderCon. He has also been on the committees of many conferences, workshops, and technical working groups, including the Annual DFRWS Conference and the Digital Investigation Journal.

Posts by Dr. Brian Carrier

How To Investigate Endpoints with Cyber Triage and Windows Defender
DFIR Next Steps: What to do after you find a suspicious Windows Network Logon Session
3.7 Release – Custom File Collection & MITRE ATT&CK
Sandboxing Malicious Files: Recorded Future Triage Integration
3.6 Release – Processes, OS Accounts, and Indicator Exports
Analyzing KAPE DFIR Artifacts in Cyber Triage
3.5 Release – Merging artifacts, viewing source files, and anomalous logons
ResponderCon 2022 Ransomware Videos (Batch 1)
Cyber Triage Lite – Identifying OS Configuration
Cyber Triage Lite – Identifying Malware
Cyber Triage Lite – Analyzing User Activity
Cyber Triage Lite – Network, Disk Image, and Memory Inputs
Cyber Triage Lite – Intro and USB-based Collection
Cyber Triage 3.1.0: Artifact Searching and OS Settings
General Purpose vs Specialized Digital Forensics Tools
Cyber Triage 3.0.2: Ransomware & Encrypted Database Detection
Cyber Triage on Azure: DFIR in the Cloud
Cyber Triage on Google Cloud: DFIR in the Cloud
Cyber Triage on AWS: DFIR in the Cloud
Cyber Triage 3.0 Is Out!
Cyber Triage Gives Back to Autopsy
Cyber Triage 2.14.4 – Detect Exchange WebShells
Our 100% Unbiased 4:cast Awards Nominations
Cyber Triage 2.14.3 Upload DFIR Artifacts to S3 Using Temporary Credentials
Cyber Triage 2.14.2 Adds Features Based on SolarWinds Orion Incident
How to Get Your Data & Services Back Online: Ransomware Recovery 2021
How to Beat Ransomware in 2021: Key Questions that Make or Break Your Response
Cyber Triage 2.14: Upload Your DFIR Artifacts to S3
Cyber Triage 2.13.1: Feedback-Driven Upgrades (See, We Listen!)
Cyber Triage 2.13: Offline Malware Scanning Now Available
How to Execute During Incident Response: OODA for DFIR 2020
Cyber Triage 2.12: Online File Reputation Service is Released
How to Make Data-Based Decisions During Incident Response: OODA for DFIR 2020
How to Orient During the Incident Response Process: OODA for DFIR 2020
How to Observe During the Incident Response Process: OODA for DFIR 2020
Version 2.11 Features: Investigation History, Timeline Filtering, and More!
How to Use OODA Loop in Your Incident Response Process in 2020
Cyber Triage 2.10 Features: Visualization, Exporting, and More
How to Detect System Configuration Changes – Intro to Incident Response Triage (Part 9) in 2019
How to Detect Malware Remnants – Intro to Incident Response Triage (Part 8) in 2019
How to Detect Running Malware – Intro to Incident Response Triage (Part 7)
Incident Response Recommendation Engine: “You may like this process based on your interest in this file”
Intro to Incident Response Triage (Part 6) in 2019: Malware Persistence
Intro to Incident Response Triage (Part 5) in 2019: User Activity
How to Investigate User Logins – Intro to Incident Response Triage (Part 4) in 2019
Collect Arbitrary Files Any Time During Incident Response
Intro to Incident Response Triage (Part 3) in 2019: User Enumeration
How to Speed Up Incident Response in 2019: Faster Scoping
Queue Incident Response Collections to Triage and Prioritize
How to Speed Up Incident Response in 2019: Faster Analysis (Part 2)
Finding Intrusion Evidence in the Same Folder
How to Speed Up Incident Response in 2019: Analyze Faster (Part 1)
How to Speed Up Incident Response in 2019: Faster Artifact Collection
How to Speed Up Incident Response in 2019: Start the Investigation Faster
Incident Response KPIs: SPEED Is Critical. Here Are Five Reasons Why.
Collect Faster by Collecting Less
ReversingLabs Integration Improves Malware Scanning
Use of PsExec That Doesn’t Reveal Password Hashes
It’s About Time(lines)!
Volatility integration in Cyber Triage to Analyze Memory
Search For Advanced Malware In Cyber Triage Using Yara Rules
Integrate with Splunk for Faster Alert Triage
Phantom Integration Allows for Faster Responses
More Changes To Make Your Response Faster
Analytics Make User Account Investigations Easier
Intro to IR Triage (Part 2): Analysis Categories
Intro to IR Triage (Part 1): Buyer’s Guide
Get Free Incident Response Software
Cyber Triage Has a New Look
Exposing More Data to Save Time
Finding Suspicious Program Activity
Dig Deeper: Find More IOCs and Fast Flux Domains
Automating Incident Response: Setting the Stage
Maturing towards Team-Based Incident Response
Make Better Use of IDS Alerts for Incident Response
Can DIY Incident Response Scale?
Tailoring the Triage Process for Better Results
Prioritizing Endpoints Helps to Focus Incident Response
Understanding Your Client’s “Normal”
Can Security Infrastructure Work for Fly-Away Incident Responders?
Reducing Response Time with Whitelisting
Maximizing Your Non-Persistent Agent’s Effectiveness
Do You Need Persistent Agents to Fight Persistent Threats?
What is in your CSIRT First Responder’s Jump Kit?
Cyber Triage: Act Faster!
Is Cybersecurity Legislation for the Private Sector on the Horizon?
Data Breach Incident Detection, What Now?

Blog

Key Features

Recent Updates

Resources

Connectors

Training

Dr. Brian Carrier

CEO

Posts by Dr. Brian Carrier