Brett's Ramblings

View all
Bitcoin Forensics
Books
Digital Forensics
Privacy
Speaking
  • Zombie-Cases: Did you ever have a case that just wouldn’t die?

    I just finished up Case Study #8, with one of those types of cases that just won’t die. If you ever had a case like that, you know what I mean. If you don’t know, it simply means that as much as you try to close a case (“kill it”), it keeps coming back to…

    Thursday April 12

    in Digital Forensics by Brett Shavers

    161 hits

  • "I don’t want to learn. Just give me the answer."

    Figure it out It’s been more than a few years since I was in the Marines, even though it still feels like yesterday. Although it has been decades (has it really been that long?), it seems that I am still learning lessons today that the Marine Corps exposed me to back then. I mean that…

    Monday April 09

    in Digital Forensics by Brett Shavers

    507 hits

  • 5 Cool Things You Can Do with the Windows Forensic Environment (WinFE)

    I’m a fan of WinFE. I’ve used it, written about it, helped develop it, taught it, and assisted others to teach it. The way that I talk about it, you’d think that WinFE is the best thing that ever came along, does everything you need in forensics, and nothing can out do what it does.…

    Sunday April 08

    in Digital Forensics by Brett Shavers

    286 hits

  • Make DFIR easier to learn with visual aids (and teach students to share their work)

    In my most recent course that I was teaching, the question of imaging speed came up during the hands-on imaging practicals (it's always the same question, "How can I make it go faster?"). My go-to illustration of imaging tests has been referring to Eric Zimmerman's imaging tests. However, I tried something different this time. I…

    Wednesday March 28

    in Digital Forensics by Brett Shavers

    624 hits

  • Dragnet: 2018

    Definition of dragnet 1a : a net drawn along the bottom of a body of water b : a net used on the ground (as to capture small game) 2: a network of measures for apprehension (as of criminals) In Hollywood movies, citizens have virtually no expectation of privacy and no practically no protection from…

    Wednesday March 21

    in Digital Forensics Privacy by Brett Shavers

    300 hits

  • Some things about training, education, and learning in DFIR

    In theory, if you know what you are doing and are competent, that is all you need. In practice, being competent is rarely enough. You probably need documentation.... The importance of documentation was hammered into me for years by my employers as a government employee (military and LE). Courts made sure that anything that I…

    Sunday March 18

    in Digital Forensics by Brett Shavers

    541 hits

  • Windows Forensic Environment - Newest project is complete

    Forensic Operating Systems The time has come! The Windows Forensic Environment (aka Windows FE, aka WinFE) project and course has been updated. **COURSE IS CURRENTLY AT CAPACITY** However, send me an email (This email address is being protected from spambots. You need JavaScript enabled to view it. document.getElementById('cloak468d8203b49959ca5c86d0a79b2510cb').innerHTML = ''; var prefix = 'ma' +…

    Wednesday March 14

    in Digital Forensics by Brett Shavers

    1596 hits

  • Cyber Health

    I was a spectator to a conversation between a law enforcement DFIRer and corporate computer user this week, and it got interesting when the name-calling started. The point of the conversation was about corporate computer users being ‘lazy’ with computer systems (whether it be managing the organizations website content or just basic cyber health such…

    Friday February 23

    in Digital Forensics by Brett Shavers

    487 hits

  • Making Ham Sandwiches in DFIR

    Following up on some points made about DFIR writing on Twitter, here are my opinions on the subject of writing up your work in DFIR: 1: Write it up (or else your work didn’t happen) 2: Write it for your audience (or it won’t matter what you did anyway) If you follow those two tips,…

    Sunday February 18

    in Digital Forensics by Brett Shavers

    904 hits

  • DFIR Case Studies #7

    As I was going through Case Studies #7, I found several some reminders on tips for working a case. The simple obstacles that make some investigators quit only make others drive forward with creativity. One example is the suspect in Case Study #7 using open WiFi to be anonymous. Sometimes, investigators quit once they find…

    Thursday February 15

    in Digital Forensics by Brett Shavers

    991 hits

  • How many exposure dollars do you need to buy a cup of coffee?

    I am always flattered to be asked to speak in front of an audience on something that I know something about. I have fun sharing information with great people about the ‘secrets’ on how to do neat things in forensics and investigations. However, I find it odd to be asked to speak at conferences out…

    Saturday February 03

    in Digital Forensics by Brett Shavers

    758 hits

  • Rub some dirt on it.

    Failing hurts helps. Not that long ago, I would listen in awe at the DFIR experts presenting at conferences and wondered how some people can just glide right through this work like a slip-n-slide without taking a second breath. I mean, this work is usually pretty difficult to do but easy to make a mistake.…

    Tuesday January 16

    in Digital Forensics Speaking by Brett Shavers

    1128 hits

  • Don’t look back. Try to keep up. This is #DFIR.

    I do a lot of peer-reviews. Much like a case study (another one is coming up by the way…), a peer-review of the sort I am talking about is a line-by-line read of a forensic analyst’s report. Then reading it again, then again, and a few more times, all the while red-lining items of interest.…

    Friday December 29

    in Digital Forensics by Brett Shavers

    1029 hits

  • X-Ways Forensics & eDiscovery

    Following up on a discussion with an eDiscovery consultant, I wanted to show how X-Ways Forensics is a good (if not better at times) tool to have for the eDiscovery folks in ESI collection jobs. Not that XWF can replace eDiscovery tools, but certainly can complement collection efforts. I would even go as far to…

    Sunday December 10

    in Digital Forensics by Brett Shavers

    1048 hits

  • When you think you know enough

    If you ever have a day in the DF/IR field when you think you know enough, take the rest of the day off and reflect a bit before doing any more work. The reasoning is that we can never know enough, in the DF/IR field or any field. Usually, there is something that kicks me…

    Thursday November 23

    in Digital Forensics by Brett Shavers

    826 hits

  • DFIR Mentors. You just might be one and not know it.

    If you share information, openly discuss that which you can, and sincerely try to help others in the DF/IR field, you are probably someone’s mentor and do not even know it. I have always understood the term of “mentor” seriously as it implies a responsibility to teach others, and also suggests that you know a…

    Monday November 20

    in Digital Forensics by Brett Shavers

    1275 hits

  • Bitcoin Forensics | Investigating Cryptocurrency Crimes Online Course....it's coming...

    You knew this was coming. A course in cryptocurrency investigations. There is no faster and comprehensive method to learn cryptocurrency investigations than to take a class in it and study a book about it. As the book is being written, the course is being developed alongside the book as a companion to the book. If…

    Monday November 20

    in Digital Forensics Books Bitcoin Forensics by Brett Shavers

    1845 hits

  • Thinking of Writing a #DF/IR Book? Here’s a tip that may or may not work out for you.

    I am very open on my opinions about writing books, specifically DF/IR books. I encourage anyone who is thinking about writing a DF/IR book to write away and start right away! The longer you wait, the more likely someone else will write the book you wanted to write. Over the years, I have been asked…

    Friday November 17

    in Digital Forensics by Brett Shavers

    1464 hits

  • DF/IR Case Studies

    I've made three case studies so far and will have a fourth up this week. From the feedback I've asked in a short survey about the case study series, here are the results: The case studies are beneficial, useful, and job relevant. The presentation format works (weekly to bi-weekly case studies). Length is appropriate (between…

    Tuesday November 14

    in Digital Forensics by Brett Shavers

    817 hits

  • The last thing we want in DF/IR is the first thing we need in DF/IR (aka: regulations...)

    As teenagers, we never liked rules growing up. Curfews. Chores. Homework. But we know now that the rules were good for us. It seems like nothing has changed for those of us in the DF/IR field. We don’t particularly want to be regulated simply because, like when we were teenagers, we know what is best…

    Monday November 13

    in Digital Forensics by Brett Shavers

    1474 hits

  • Sharing is caring

    One thing about the DFIR blogs is that they tend to bounce off each other. This is a good thing because tidbits of gold nuggets can be expanded upon with different perspectives and experiences. Never in human history have we ever been able to instantly connect world-wide to increase our knowledge base, especially in the…

    Tuesday October 31

    in Digital Forensics by Brett Shavers

    1350 hits

  • A bundle of case studies and X-Ways Forensics Practitioner's Guide training

    ************UPDATE 10/29**************** Case studies 2 has been published. It's the Mr Fuddlesticks case. ****************************************************** Out of the 100+ viewers of the case study I did last week, a bit more than half completed a survey with most of those including comments on the case study in regards to what they want to see. With that,…

    Sunday October 29

    in Digital Forensics by Brett Shavers

    1280 hits

  • Case studies are more helpful than you may think

    Today’s presentation on a case study was an example of what I have been doing for many years – figuring out how other people do the job… I first started doing case studies when I made narc detective years ago. I can’t lay claim to having had the worst training officer in the narc world,…

    Monday October 23

    in Digital Forensics by Brett Shavers

    1670 hits

  • Drop the mic...please.

    Well...that didn't work out so well, did it? I had a serious audio problem with the webinar today, from which I learned to mute attendees for the next time that someone doesn't mute their mic. My fault on the audio, but on to the positive with the webinar: I'm going to make another (two more)…

    Tuesday October 17

    in Digital Forensics by Brett Shavers

    952 hits

  • If you are a “Self-Proclaimed Hacker” looking for a job in LE…

    We are almost fully into the computer-age. In nearly every aspect of our lives and jobs, computers* in some form or another, are integrated. This means that if you have the inclination and ability to work with computers, your time has come. The world is your oyster as the doors are not only open with…

    Thursday October 12

    in Digital Forensics by Brett Shavers

    1085 hits