Derek Eiri

Exploring frame-counts-galore and hashing pixel data Derek counts all the video frames and learns a bit about hashing pixels.

I wrote a blog post counting all the video frames with Alexis Brignoni's frame-counts-galore and learn a bit about hashing pixels.

Extracting and Matching Faces with API Forensics’ Exponent Faces Derek writes about detecting and matching faces using API Forensics’ Exponent Faces within X-Ways Forensics

Derek writes about detecting and matching faces using API Forensics’ Exponent Faces within X-Ways Forensics.

Reflecting on 2025 Derek wrote a blog post reflecting on 2025.

Derek wrote a blog post reflecting on 2025.

My kid has been having fun searching/finding things, so I’m gonna go with it.

NVMe Serial Numbers with the Guardonix & USB Stabilizer Derek follows up on a requested feature for DeepSpar's Guardonix and USB Stabilizer.

Derek follows up on a requested feature for DeepSpar's Guardonix and USB Stabilizer.

I visited a LEGO store last weekend and got inspired! I’m going to see about getting a custom minifigure for it.

Leveling up some Digital Intelligence swag.

Exploring the macOS Native Commands Behind Andrea Lazzarotto’s Fuji When Andrea Lazzarotto publicly released Fuji (Forensic Unattended Juicy Imaging), I was actively maturing internal corporate processes to respond to security incidents involving macOS machines. Having experimented with Fuji, it became part of our overall data collection strategy as it is repeatable, accessible and efficient. As of May 2025, Fuji offers three acquisition capabilities: ASR, Rsync, and Sysdiagnose. True to Lazzarotto's goal, Fuji has a user-friendly interface that allows the examiner to logically acquire the entire drive or a single folder that is open source.

Derek explores the macOS native commands used in Andrea Lazzarotto's open-source project, Fuji.

Check out our latest Insights article "Introducing AIM Remote Agent" for some compelling use cases, screenshots, & photos involving computers booted with WinFE (Windows Forensic Environment) & disks shared over networks with Arsenal Image Mounter. arsenalrecon.com/insights/int.... #DFIR

Thought I’d do something fun. Presenting the DFIR_Toolbar. Basically a toolbar that can be anything you want it to be.

https://malwaremaloney.blogspot.com/2025/01/dfirtoolbar.html

About 16 years of service. Replaced it with an Insinkerator Badger 5!

Reflecting on 2024 Derek wrote a blog post reflecting on 2024.

I wrote a blog post reflecting on selected topics from 2024.

mreerie.com/2024/12/27/r...

Placed a few glow in the dark stars in the kids room. These are nice and bright!

S2: DFIRmas Podcast: Derek Eiri YouTube video by ArcPoint Forensics

It was great to chat #DFIR with @arcpoint-amy.bsky.social and Amy Moles in this festive themed podcast. Thank you for having me on!

m.youtube.com/watch?v=U0Zs...

S2: DFIRmas Podcast: Alexis Brignoni Instagram: @4n6_abrignoniYouTube: Alexis BrignoniBlueSky: @abrignoni.comPodcast: Digital Forensics Now (DFN)Resources: https://dfir.pubpub.orgThe Importance...

🎄ArcPoint Forensics DFIRmas Podcast Season 2 Episode 1 is out!
❄️Topic: Validation
🎅Guest: Me!
☃️Subscribe to the channel for more interviews.
🌟Check it out at the link below:
https://buff.ly/4g4U6sk

#DFIR #DigitalForensics #MobileForensics

A Reflection on Continual Growth in DFIR: An Investigative Mindset Derek reflects on continuous improvement of the investigative mindset.

I wrote a blog post reflecting on what I read from Brett Shavers' book, Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset.

An EDC blade for each week of the year!

a fat man in a yellow jacket and suspenders is saying git in mah belleh ALT: a fat man in a yellow jacket and suspenders is saying git in mah belleh

If it’s DFIR related, I want it on my feed.

I built an L-shaped desk in 2016. I’ve made some changes since then. Fortunately, I’ve made extra H-frame legs so I can keep the table tops independent. But today, I had use case to make a stubby table top to turn the L into a T. Just need to add coats of polyurethane, mount, and call it good.

#iLEAPP v2.0.1 out now! #DFIR github.com/abrignoni/iL...

I would like to introduce Lyman. A tool to aid in the creation of “mapping” cstruct files for OneDriveExplorer.

https://github.com/Beercow/Lyman

Linux Forensics with Hal Pomeranz - Antisyphon Training This 32-hour, hands-on course is a quick start into the world of Linux forensics. Learn how to use memory forensics to rapidly triage systems and spot attacker malware and rootkits.

And Hal’s Linux course: www.antisyphontraining.com/course/linux...

I have the following vendors on my roadmap focusing on Mac or Linux:

Linux: Cyber5w and 13Cubed

Mac: Hexordia and Sumuri

FOR518: Mac and iOS Forensic Analysis and Incident Response, Re: SANS FOR518 OnDemand Experience Derek completed the SANS FOR518 course. He's thinking differently.

FOR518: Mac and iOS Forensic Analysis and Incident Response, Re: SANS FOR518 OnDemand Experience

Derek completed the SANS FOR518 course. He's thinking differently.

Sacramento, CA.

The HTCIA Northern California chapter will have our meeting on 12/05. MSAB will be hosting a lunch and learn with a dash of CTF.

Register here: bit.ly/registerctf

Just a picture of chickens to get this thing started.