Author Archives: Matt Danner

Tips for X-Ways forensics

3 Tips to Get Started with X-Ways

I have used X-Ways and Winhex ever since I started my digital forensics career in 2012, thanks to IACIS, whose BCFE training course uses Winhex to train students to navigate through file systems and file data. These tips are for … Read More

Forensic Case Notes App – Monolith Notes

This is an idea I have had for a while and I finally got some time to put it together. Monolith Notes is a free desktop app that you can use to write your forensic case notes. Before I made … Read More

Programming in DFIR

3 reasons why you should develop programming skills to succeed in digital forensics

Around the internet I keep seeing this topic appear among people interested in working in DFIR. The question is almost posed as “I don’t have to learn to code, right?” like programming is an awful skill to have. The truth … Read More

Get Monolith Setup in 2 Minutes

In this video, I demonstrate how quick and easy it is to get Monolith installed and ready to start managing your forensic casework and evidence. With the SQLite option, Monolith is ready to go in 2 Minutes!

Monolith Update v0.8.1

Here are the new features added to Monolith in this update: Enhanced Evidence Item Edit You can now edit all traits for an evidence item. Any user can edit, but I added very detailed logging of this in the activity … Read More

Weekly Build – v0.6.3

I was going to release this version on Sunday, but there were a couple of critical bugs that were brought to my attention that I wanted to fix asap. The Observer RoleI have added a new user role called “Observer”. … Read More

Monolith Update – v0.6.2

I just released the latest Monolith build today and it has a lot of updates – Bugs – – Fixed charts issue where some stats were showing non-terminating decimal amounts; they now only show 2 decimal places. Features – – … Read More

Monolith v0.5.4 – Release Notes

I just made a major change to Monolith’s backend related to evidence items. Evidence item numbers were previously stored as primary keys in order to enforce globally unique evidence numbers. Based on some feedback I received, I realized that not … Read More

What I’m working on right now

Report Exports: I’m really not happy with the report exports in Monolith right now as they have some bad formatting – especially the case notes export. So right now I’m working through the code that generates the reports (Word Documents) … Read More

Progress Ribbons! Update – v0.4.6

The latest release has some exciting new features that I have been waiting to work on. Progress ribbons are interface elements that allow you to track the progression of cases and evidence. They can be customized to match the workflow … Read More