Those who understand the capabilities of their evidence sources know the bounds of the investigative playing field. Every time you learn something new about an evidence source, the field gets bigger!
The days of getting by on expertise in one type of evidence are over -- you need to understand multiple types or your investigative questioning will suffer. One of the best ways to expand your ability is to dive head first into new evidence sources.
Most of us got started with either a focus on network or disk based evidence. You'll see the biggest gains in your ability by focusing on the realm you have less experience with.
If you want to spend time focusing on the network side, look at packet capture and subsets like flows and @Zeekurity logs.

For the disk side, look at OS logs, methods of proving app execution, file system artifacts, and the Windows registry.

These are just a start.
Remember to be deliberate in your research -- you have a specific goall to increase the type and quality of investigative questions by expanding your evidentiary playing field.
You can follow @chrissanders88.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more