In today’s cybersecurity landscape, speed is often treated as the ultimate objective. Organizations are racing to adopt AI-driven technologies, automate workflows, reduce response times, and deliver faster outcomes. Digital forensics is no exception. Forensic examiners increasingly rely on tools that automate large parts of the analysis process, helping reduce the time required for complex investigations.
But this raises an important question: at what cost?
While automation and AI can be extremely powerful, they should never replace the examiner’s understanding of forensic principles, artifacts, and investigative methodology. When practitioners become overly dependent on tools, there is a risk of falling into what is often called “push-button forensics”: the ability to produce results only when a tool is available, without fully understanding how those results were generated or how to validate them.
This is exactly where foundational training becomes critical.
The IACIS Basic Computer Forensic Examiner (BCFE) course takes participants back to the fundamentals. Students are exposed to a wide range of core forensic concepts, including how file systems operate, how data is stored and recovered, how to interpret hexadecimal patterns, and how to manually carve deleted files from a hard drive. The course also covers how forensic artifacts are created and stored, how to navigate and interpret the Windows Registry, how to examine browser activity, and how to connect different artifacts together to build a clearer investigative timeline. These are not just academic exercises. They are essential skills that allow forensic examiners to understand what is happening beneath the surface, validate what forensic tools report, and, when needed, go beyond the capabilities of a tool to uncover hidden traces.
I had the honor of being selected as a volunteer row coach for the main IACIS BCFE training event, which took place in Orlando, Florida. In this role, my responsibility was to support students throughout an intense and demanding training experience, help them stay aligned with the lectures and practical exercises, and answer questions whenever they needed guidance.
Being part of this DFIR event, alongside hundreds of students, volunteers, instructors, and vendors, was an incredibly rewarding experience. It was an opportunity to refresh my own knowledge, exchange ideas with other practitioners, meet old friends, make new ones, and even spend some time with the Electronic Surveillance Detection (ESD) K9 dogs, which were easily among the highlights of the event.
Returning to Obrela, I brought back much more than souvenirs and conference swag. I brought back knowledge nuggets, forensic nuances, practical reminders, and renewed appreciation for the fundamentals that underpin high-quality incident response and digital forensic work.
For Obrela, participation in events like IACIS BCFE is not only a professional development opportunity. It directly strengthens our capability as a cybersecurity team. In incident response, we are often required to handle a wide range of cases, from relatively simple threat actor tradecraft to highly advanced and complex intrusions. The ability to understand forensic artifacts deeply, challenge assumptions, and validate tool output is essential to delivering accurate and defensible results.
This ultimately benefits our clients as well. In the middle of a cyber incident, clients need more than fast answers; they need answers they can trust. By strengthening our forensic fundamentals, we are better positioned to validate evidence, interpret artifacts correctly, identify what truly happened, and provide clear, defensible conclusions. Tools help accelerate the process, but expertise gives confidence in the outcome. That distinction matters during critical incidents, where decisions must be made quickly, but also correctly.
I can’t ignore how instantly Obrela supported my participation. That kind of support reflects a genuine commitment to technical excellence, continuous improvement, and the development of its people, something I’m proud to be part of. It also embodies the mindset cybersecurity demands: staying current, staying curious, and never losing touch with the fundamentals.
To the students I had the privilege to support at the event, and to all participants, my message is simple:
“Tools can help you find the evidence, but your knowledge helps you understand it, validate it, and defend it. Never stop learning the fundamentals, because they are what make you more than just a tool operator.”
Evangelos Dragonas, IR Expert