Brett's Ramblings
Rub some dirt on it.
Failing hurts helps.
Not that long ago, I would listen in awe at the DFIR experts presenting at conferences and wondered how some people can just glide right through this work like a slip-n-slide without taking a second breath. I mean, this work is usually pretty difficult to do but easy to make a mistake. Missing an important artifact or misinterpreting data that gets caught by an opposing expert happens, and when it does, embarrassment sets in quite quickly. How do these experts get away without making any mistakes?
The short answer
They made the same mistakes you make and are still making mistakes. They fail every day.
The longer answer
We all fail and no one gets out of here alive (without failing). The difference is what you do after you fail. Having grown up in the South, whenever I would skin my knee or crash my bicycle, I was generally told to ‘rub some dirt on it' and get up. I’ve pretty much lived with that advice and even raised my kids on it. For my kids, I changed the ‘rub some dirt on it’ with ‘if you don’t see bone sticking out, get back up’.
That’s as simple as it gets. Fall down. Get back up. There’s plenty of complex advice you can find on breaking this down into reflecting on how the fail happened, what steps you could have taken to prevent it, and how you can prevent the fail from happening again. I take those steps as a given and simply know that I’ll rub dirt on it and keep going, making sure to not do that particular error again.
By the way, a failure by anyone feels the same as you do when you fail. The difference is choosing to move past it as a learning experience.
A warning sign
If you don’t make mistakes, errors, or fails, then you are not moving forward. You are not gaining experience or learning. Obviously, the fewer fails you have, the better. But having none is probably an indication that you are not trying to go beyond that what you already know. You may not be testing your limits and pushing yourself to be better. You gotta know your limitations..
One of the worst pieces of advice that I have ever been given was from a 30-year police veteran when I was a new guy in patrol. His advice was “never do anything and you’ll never get in trouble”. Technically he was correct. Don’t do any aggressive patrol and the risk of making a mistake drastically decreases. Practically, that means you’d never get any better at the job you are getting paid to do. Happily, I did the opposite and made enough mistakes to become so good at my job that a small-town cop traveled the world working international organized crime cases with just about every alphabet soup federal agency in North America. I brought that attitude to digital forensics and believe me….I’ve made plenty of mistakes and fails, from forgetting to bring my presentation materials for a conference to totally missing a blatantly obvious piece of electronic evidence on a drive on a case. Fails still smart, but rub dirt on it and learn from it.
What I am not saying
I am certainly not saying to intentionally make mistakes in order to learn or get better. You will fail at something no matter how hard you try to succeed, so don’t worry about that. The fails are coming, maybe in the next hour or next week. As long as you work to learn and improve your skills, employ what you learned and master them, the mistakes will be there as you work through the process. Try to keep the mistakes small and the learning big. Worst are the big mistakes and small learning. Fail small. Learn big.
Remember: Rub some dirt on it. Learn from it. Don’t do it again. 
About the author
Comments 1
By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/
Posts List
Tag Cloud
Search Blog
Most popular posts
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
More posts
-
COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.
The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…
Saturday April 25
14520 hits / 0 comments
-
Mini-WinFE 10 and WinFE 10 Updated
The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded. I update WinFE developments (including the downloads for…
Sunday April 05
8975 hits / 2 comments
-
Eat your broccoli first
Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…
Saturday January 18
30154 hits / 0 comments
-
The Second Decade of the 2000s is almost over!
We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…
Thursday December 26
9816 hits / 0 comments
-
Public Records
I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…
Thursday December 12
4689 hits / 0 comments
-
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10
34886 hits / 0 comments
-
Our World is Going to Turn Upside Down with DeepFakes
The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…
Sunday September 01
3038 hits / 0 comments
-
If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29
3991 hits / 0 comments
-
Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17
4934 hits / 0 comments
-
Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31
3936 hits / 0 comments
-
Add a Dab of Balance in your DFIR World
Jessica Hyde’s post of Giving Back in DFIR from 2018 is a great write up on contributing to the DFIR community, and I see her…
Monday June 24
14607 hits / 0 comments
-
The Easy Way to Learn DFIR
SummaryThere is no easy way to learn DFIR. You can stop reading from here if you want.Longer versionOk. Since you are still reading, you probably…
Saturday June 08
13904 hits / 0 comments
-
Game of Thrones, DFIR Style
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little…
Thursday April 25
31813 hits / 0 comments
-
Puking in DFIR
Admittedly, the title of this post is intentionally gross, because I am going to heave a few things at you, mainly about puking. As in,…
Wednesday April 17
5765 hits / 0 comments
-
The #1 Reason that DFIR practitioners don’t post opinions
Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been rephrased in a less playful manner…
Tuesday April 09
5858 hits / 0 comments
-
If USB flash drives were shaped like spiders, we wouldn’t have these problems
I hate USB drives. My first experiences with the darn things was when I was a young patrol officer and the entire police department was…
Monday April 08
2306 hits / 0 comments
-
Working in DFIR is glamorous, but mostly only to those not working in DFIR...
Here is something about the DFIR career field: it is one of the most exciting, eventful, and jam-packed jobs that anyone can have. Running and…
Friday April 05
3844 hits / 0 comments
-
Overcommitted in DFIR
I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the most serious of situations. By overcommitted, I do not…
Friday March 22
19018 hits / 0 comments
-
'You're guilty unless you can prove it'
Swift on Security tweeted a great article. The article is not great as a well-written piece or containing earth shattering news piece, but more that…
Saturday March 09
21290 hits / 0 comments
-
“I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey
I feel obligated to respond to one of Harlan Carvey’s points in his recent blog post, Book Writing Misconceptions (https://windowsir.blogspot.com/2019/03/book-writing-misconceptions.html). I agree with everything he…
Tuesday March 05
3456 hits / 0 comments
© 2020 Brett Shavers