As you can see from the title of this post I'm starting on a series all about automating your work flow when doing DFIR work. It is my belief that our industry as we know it is poised for change due to the work of a few, but mostly in my opinion Joachim Metz. For all the time that I've done DFIR work the biggest lock in that commercial software had that everyone else did not was the ability to work directly against a forensic image. We would always have to resort to using some commercial tool (whether free, semi free or paid for) to get access to the underlying data within a forensic image or a live running system to get at the data we wanted to. With the large set of free and open source libraries now available you can write simple code to automate most of the work you were doing within these forensic tools and have the ability to customize that to your actual need.
more here of part 1......http://hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on.html
part 2.......http://hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on_19.html
part 3......http://hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on_21.html
more here of part 1......http://hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on.html
part 2.......http://hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on_19.html
part 3......http://hackingexposedcomputerforensicsblog.blogspot.com/2015/02/automating-dfir-how-to-series-on_21.html