Brett's Ramblings

View all
Bitcoin Forensics
Digital Forensics
  • Making Ham Sandwiches in DFIR

    Following up on some points made about DFIR writing on Twitter, here are my opinions on the subject of writing up your work in DFIR: 1: Write it up (or else your work didn’t happen) 2: Write it for your audience (or it won’t matter what you did anyway) If you follow those two tips,…

    Sunday February 18

    in Digital Forensics by Brett Shavers

    275 hits

  • DFIR Case Studies #7

    As I was going through Case Studies #7, I found several some reminders on tips for working a case. The simple obstacles that make some investigators quit only make others drive forward with creativity. One example is the suspect in Case Study #7 using open WiFi to be anonymous. Sometimes, investigators quit once they find…

    Thursday February 15

    in Digital Forensics by Brett Shavers

    411 hits

  • How many exposure dollars do you need to buy a cup of coffee?

    I am always flattered to be asked to speak in front of an audience on something that I know something about. I have fun sharing information with great people about the ‘secrets’ on how to do neat things in forensics and investigations. However, I find it odd to be asked to speak at conferences out…

    Saturday February 03

    in Digital Forensics by Brett Shavers

    270 hits

  • Rub some dirt on it.

    Failing hurts helps. Not that long ago, I would listen in awe at the DFIR experts presenting at conferences and wondered how some people can just glide right through this work like a slip-n-slide without taking a second breath. I mean, this work is usually pretty difficult to do but easy to make a mistake.…

    Tuesday January 16

    in Digital Forensics Speaking by Brett Shavers

    566 hits

  • Don’t look back. Try to keep up. This is #DFIR.

    I do a lot of peer-reviews. Much like a case study (another one is coming up by the way…), a peer-review of the sort I am talking about is a line-by-line read of a forensic analyst’s report. Then reading it again, then again, and a few more times, all the while red-lining items of interest.…

    Friday December 29

    in Digital Forensics by Brett Shavers

    673 hits

  • X-Ways Forensics & eDiscovery

    Following up on a discussion with an eDiscovery consultant, I wanted to show how X-Ways Forensics is a good (if not better at times) tool to have for the eDiscovery folks in ESI collection jobs. Not that XWF can replace eDiscovery tools, but certainly can complement collection efforts. I would even go as far to…

    Sunday December 10

    in Digital Forensics by Brett Shavers

    704 hits

  • When you think you know enough

    If you ever have a day in the DF/IR field when you think you know enough, take the rest of the day off and reflect a bit before doing any more work. The reasoning is that we can never know enough, in the DF/IR field or any field. Usually, there is something that kicks me…

    Thursday November 23

    in Digital Forensics by Brett Shavers

    553 hits

  • DFIR Mentors. You just might be one and not know it.

    If you share information, openly discuss that which you can, and sincerely try to help others in the DF/IR field, you are probably someone’s mentor and do not even know it. I have always understood the term of “mentor” seriously as it implies a responsibility to teach others, and also suggests that you know a…

    Monday November 20

    in Digital Forensics by Brett Shavers

    624 hits

  • Bitcoin Forensics | Investigating Cryptocurrency Crimes Online's coming...

    You knew this was coming. A course in cryptocurrency investigations. There is no faster and comprehensive method to learn cryptocurrency investigations than to take a class in it and study a book about it. As the book is being written, the course is being developed alongside the book as a companion to the book. If…

    Monday November 20

    in Digital Forensics Books Bitcoin Forensics by Brett Shavers

    1043 hits

  • Thinking of Writing a #DF/IR Book? Here’s a tip that may or may not work out for you.

    I am very open on my opinions about writing books, specifically DF/IR books. I encourage anyone who is thinking about writing a DF/IR book to write away and start right away! The longer you wait, the more likely someone else will write the book you wanted to write. Over the years, I have been asked…

    Friday November 17

    in Digital Forensics by Brett Shavers

    1131 hits

  • DF/IR Case Studies

    I've made three case studies so far and will have a fourth up this week. From the feedback I've asked in a short survey about the case study series, here are the results: The case studies are beneficial, useful, and job relevant. The presentation format works (weekly to bi-weekly case studies). Length is appropriate (between…

    Tuesday November 14

    in Digital Forensics by Brett Shavers

    523 hits

  • The last thing we want in DF/IR is the first thing we need in DF/IR (aka: regulations...)

    As teenagers, we never liked rules growing up. Curfews. Chores. Homework. But we know now that the rules were good for us. It seems like nothing has changed for those of us in the DF/IR field. We don’t particularly want to be regulated simply because, like when we were teenagers, we know what is best…

    Monday November 13

    in Digital Forensics by Brett Shavers

    1129 hits

  • Sharing is caring

    One thing about the DFIR blogs is that they tend to bounce off each other. This is a good thing because tidbits of gold nuggets can be expanded upon with different perspectives and experiences. Never in human history have we ever been able to instantly connect world-wide to increase our knowledge base, especially in the…

    Tuesday October 31

    in Digital Forensics by Brett Shavers

    977 hits

  • A bundle of case studies and X-Ways Forensics Practitioner's Guide training

    ************UPDATE 10/29**************** Case studies 2 has been published. It's the Mr Fuddlesticks case. ****************************************************** Out of the 100+ viewers of the case study I did last week, a bit more than half completed a survey with most of those including comments on the case study in regards to what they want to see. With that,…

    Sunday October 29

    in Digital Forensics by Brett Shavers

    984 hits

  • Case studies are more helpful than you may think

    Today’s presentation on a case study was an example of what I have been doing for many years – figuring out how other people do the job… I first started doing case studies when I made narc detective years ago. I can’t lay claim to having had the worst training officer in the narc world,…

    Monday October 23

    in Digital Forensics by Brett Shavers

    1321 hits

  • Drop the mic...please.

    Well...that didn't work out so well, did it? I had a serious audio problem with the webinar today, from which I learned to mute attendees for the next time that someone doesn't mute their mic. My fault on the audio, but on to the positive with the webinar: I'm going to make another (two more)…

    Tuesday October 17

    in Digital Forensics by Brett Shavers

    661 hits

  • If you are a “Self-Proclaimed Hacker” looking for a job in LE…

    We are almost fully into the computer-age. In nearly every aspect of our lives and jobs, computers* in some form or another, are integrated. This means that if you have the inclination and ability to work with computers, your time has come. The world is your oyster as the doors are not only open with…

    Thursday October 12

    in Digital Forensics by Brett Shavers

    776 hits

  • Case study - Placing the Suspect Behind the Keyboard

    Not too long ago, I read an article where the state’s largest cocaine bust happened because the driver was stopped for speeding. The first thing I thought was, “Speeding…yeah, right”. So, I called a good friend of mine who I worked some cool drug cases with and asked if that was his case. But of…

    Monday October 09

    in Digital Forensics by Brett Shavers

    1029 hits

  • Free Webinar - Tips and Case Studies on Placing the Suspect Behind the Keyboard

    I had coffee with a detective (ie...consulted on a case....) to discuss his case where tying a person to one specific device was necessary for criminal charges in an overly complex investigation. There were a few things I learned and a few things he learned because of our talk. I think it would beneficial to…

    Tuesday October 03

    in Digital Forensics Speaking by Brett Shavers

    976 hits

  • Placing the Beard Behind the Keyboard News reporting does an injustice to the work done in cases like these, only because the articles make it sound so easy. But this particular case illustrates placing the suspect behind the keyboard using several methods that are sometimes overlooked (but of course, these methods and more are described in both my online course…

    Thursday September 28

    in Digital Forensics by Brett Shavers

    865 hits

  • Some of your cases probably already have cryptocurrency evidence in them...

    The Bitcoin Forensic book is moving forward with a fantastic addition of a tech editor: Heather Mahalik!. I could not be more honored than to have Heather as the tech editor. If you are reading this, you already know who Heather is in the DFIR community, but if not, take a look here: Heather's Bio.…

    Sunday September 24

    in Digital Forensics Books Bitcoin Forensics by Brett Shavers

    787 hits

  • “Forensically Sound”. One of those phrases that is commonly used, misused, unused, and abused.

    Disclaimer: This is my opinion, which is not a legal opinion. I call it Brett's Opinion. But along with that, I have identified, seized, analyzed, requested analysis, checked-in/out, transferred/assumed custody, and had entered into court cases thousands of items of evidence from electronic data to brain matter. This short post is to give my opinion…

    Friday September 08

    in Digital Forensics by Brett Shavers

    1386 hits

  • When “intent” is an element of the crime, you better find the intent.

    Proving intent can give you the dickens of a time. It’s easy to prove what happened. And it is mostly easy to prove how it happened. Many times you can even prove who caused it to happen. But the stickler is always the why (aka: intent or reason). A murder-for-hire case I solved some years…

    Sunday September 03

    in Digital Forensics by Brett Shavers

    887 hits

  • Luck has nothing to do with it if you are good at what you do.

    When the bad guy is caught because the bad guy made a mistake, that does not mean bad luck for the bad guy or good luck for the good guy.   It just means that the investigator not only caught the mistake, but ran with it.  This takes effort and skill, not luck.   If you want to…

    Saturday August 26

    in Digital Forensics by Brett Shavers

    940 hits

  • Kicking in the wrong doors

    I like reading Brian Krebs’ blog.  Brian is awesome at tracking hackers and writing about it.  While reading his latest post, Blowing the Whistle on Bad Attribution, my internal response was to keep repeating, “yes yes yes”. I’m not going to get into his blog post other than recommend it as a good read about…

    Friday August 18

    in Digital Forensics by Brett Shavers

    824 hits