Having fun while learning about and pivoting into the world of DFIR.
by ogmini
I’ve got a lot of pokers in the fire right now. Some are personal challenges, some professional, some pure curiosity — but all of them are active. At any given moment, I’m juggling half a dozen tasks that feel urgent or important, or just too interesting to let go. So I figured I’d step back for a moment and write them all out — to share what I’m working on, and maybe to get a better handle on it myself.
I’ve been digging into the Windows registry hives tied to UWP and Windows Store apps. It has been enlightening digging into the Microsoft documentation and writing test applications to carefully control variables — but it’s turning into a solid forensic rabbit hole. I’m working on building a RegistryPlugin to parse these structures more cleanly, and hoping it might help others working in DFIR make sense of modern app traces.
In parallel, I’ve been revisiting older versions of Windows Notepad in order to document changes and write a Changelog. Honestly, it’s fascinating to see how such a simple tool has changed over time, especially in how it interacts with the system. I’m digging into version differences, behaviors, and system footprints. It’s part nostalgia, part forensic relevance, and part “let’s see where this goes.”
BelkaCTF is one of the great, free CTFs — solid challenges, good energy, and just enough pain to be worth it. With the competition coming up soon, I’m getting my environment tuned and trying to fit in some warm-up exercises between everything else.
I’m nearly finished polishing a talk proposal about how contributing to open-source tools like KAPE and others can help people grow in the DFIR space. The core idea is close to home — it’s how I’ve learned, networked, and stayed sharp. I just need to finish refining the abstract and send it off. (The window to submit is getting tight, so that’s climbing up the priority list fast.)
This one keeps floating near the top of my to-do list, and I keep dragging it forward like a calendar appointment I’m not ready for. I’ve done the prep. I’m close. I just need to pull the trigger and schedule the exam date. It’s less about readiness and more about making the time — which, right now, is at a premium.
And of course, there’s my full-time role as CIO. The day job doesn’t pause while I dig through registry keys or prep for a CTF. Strategy, operations, budgeting, team development — all still happening. It’s a role I care deeply about, and it keeps me grounded. But it also means everything else happens in the margins — early mornings, late nights, stolen pockets of time.
All of these things matter to me. I’m not doing them out of obligation — I’m doing them because they’re interesting, challenging, or meaningful. But that doesn’t make the load any lighter.
Sometimes, having too many pokers in the fire means none of them get hot enough. So this week, I’m trying to bring a bit more focus:
I don’t need to drop everything — I just need to manage the heat better.
If you’ve got your own pile of projects and personal challenges, I see you. It’s not easy juggling curiosity, responsibility, and ambition — especially when they all light up at the same time. But writing it out helps. Prioritizing helps. Even just acknowledging the chaos helps.
Here’s to fewer pokers — and more meaningful heat.
tags: #Musings