A new look for DFIR Science
Back in 2008, DFIR Science started as a research blog. It was mostly technical documentation to set up things like OCFA and Debian Live. It was always about sharing information with the community.
One of the first practical projects we worked on was an automated data acquisition and processing system for INTERPOL. It was meant to be a plug-and-play ‘forensic examiner in a box.’ A first responder could plug a hard drive into a suspect system. The automated system would take care of almost everything else. It was cheap, and it worked for basic cases.
We named it the Rapid Evidence Acquisition Project for Event Reconstruction (REAPER). I sketched out a grim reaper holding the Debian spiral since the whole thing was built on Debian live. The Reaper Logo was born.
We developed several previewers, triage and full investigation automation workflows based on minimal hardware. Though they are not maintained, the projects can still be found on SourceForge. We were way ahead of the industry, but open-source software for investigations wasn’t well accepted, and I was too idealistic to commercialize.
I adopted the REAPER image as the (cybercrimetech) DFIR Science logo because I still think it’s cool and has a history. But a lot has changed in fifteen-ish years. Digital forensics matured a lot. We face harder problems, but with a much larger and well-connected community.
DFIR Science is still technical research at the core. But we are way more than a single project. That’s why it is time to make a more consistent look that fits whether we are writing a blog, teaching a course or consulting for a client.
Since we started with computer forensics, we have used a retro computer. Add a fun font, and I think we have something modern that still shows where we are coming from.
I have a lot of fond memories with the REAPER, and I’m still planning on using it for special badges. But it’s time for something different.
As for the new logos, we are still experimenting with when and where to use them. When this is posted, most of the blog will probably include new fonts, images and colours. We will slowly roll out changes on social media in April.
Overall, we hope it makes it easier for investigators to find and engage with digital forensic research and tutorials. Our look might be changing, but the mission is - and always has been - to help investigate crime.