Independently developed DFIR tools and applied research
This site is used to develop and share investigator-focused DFIR tools and applied research related to digital forensics and incident response, with an emphasis on practical analysis of digital evidence across authentication, audit, and broader investigative data sources.
All tools and content are independently developed and reflect a focus on structured analysis, detection logic aligned to real-world activity, and clear, defensible output.
This is an independent project of Steve Rorabaugh and is not affiliated with or endorsed by any organization.
Experience
I am a digital forensics and incident response practitioner with over a decade of experience in cybersecurity, specializing in investigative analysis, incident response, and the analysis of digital evidence.
I began working in digital forensics in 2011, focusing on traditional disk and mobile device examinations within a local government environment. My early work involved supporting investigations through forensic acquisition, analysis, and reporting.
I later joined a state-level organization where I helped establish and develop a digital forensics capability focused on investigative support and fraud analysis. During this time, I operated in both digital forensics and cybersecurity roles, contributing to red team activities, forensic analysis, and security assessments.
My responsibilities expanded to include vulnerability analysis, penetration testing support, and broader security initiatives, eventually transitioning into an Information Security Architect role. In that capacity, I worked on vulnerability management, secure architecture design, and supporting compliance and audit efforts across enterprise systems.
I currently operate in a federal environment conducting digital forensics and supporting cybercrime investigations, with responsibilities that include network intrusion analysis, incident response, and broader DFIR activities. My work involves analyzing diverse digital evidence from cloud-based data sources to disk and mobile device examinations, including emerging sources such as sUAS and other technical artifacts, to produce structured, defensible findings that support investigative and operational needs.
This platform reflects a focus on building practical tools and methodologies that support efficient analysis and the production of clear, actionable results.
This site and all tools are an independent project of Steve Rorabaugh and are not affiliated with or endorsed by any organization.
Core Areas of Work
- Digital forensics and cybercrime investigations
- Network intrusion analysis and incident response
- Disk, mobile, cloud, and emerging evidence sources
- Security architecture, vulnerability management, and assessments
- Structured, defensible technical analysis and reporting
Certifications
- CISSP
- CISM
- GCFA
- GCFE
- GPEN
- GASF
- CFCE
Volunteering
- ISC2 Space Coast Chapter Member
- ISACA Mentor
- GIAC Advisory Board Member
- IACIS CFCE Peer Review Coach
Methodology
The tools and research published here are designed around structured analysis, detection logic, and clear investigative output. The emphasis is on usability and practical application rather than theoretical concepts.
Each tool is built to support repeatable workflows, enabling analysts to efficiently process data, identify anomalies, and produce meaningful results.
What This Site Contains
- Independently developed DFIR tools
- Applied research and technical analysis
- Analysis of authentication, audit, and broader digital evidence sources
- Structured, defensible investigative output