Brett's Ramblings
Luck has nothing to do with it if you are good at what you do.
When the bad guy is caught because the bad guy made a mistake, that does not mean bad luck for the bad guy or good luck for the good guy. It just means that the investigator not only caught the mistake, but ran with it. This takes effort and skill, not luck. If you want to see luck (good or bad), watch a Roulette table or throw some dice in Vegas. Granted, I have seen bad guy mistakes that truly dropped into the lap of an investigator, but that is typically not typical, and even then, if you don't recognize it for what it is, you'll miss out on a freebie.
A good case study you can see on Youtube is Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
One of the really good statements from the presentation is “…mistakes just happen…and if law enforcement sees that one mistake it’s something to run on…”.
The trick in seeing that one mistake resides in only three questions to ask yourself (today, ask yourself these questions today):
1. What kind of mistakes happen?
2. Where do I look for those mistakes?
3. What do I do when I find one?
Use three simple questions to solve the most complex of cases, whether it is a hacking case or a murder case or a fraud case or an employee theft case. Any case. I harp on this concept often, only because it is so important. I harp on it enough to write books about it, teach it, and do it myself. The concept is the same. Know the mistakes that the bad guys make, find the mistakes, and know what to do with the mistakes when you find them.
The old adage of the bad guy has to be right 100% of the time and the police only need to be right once is true in that you only need to find the one mistake to break the case. Looking back on my biggest cases that were overwhelmingly complex on the surface, I can reflect on the first little cracks in the cases that were all tied back to an error by the suspect. Every single one of them. It took effort to find the mistakes, but they were there.
Solving cases has always been this way. There is no magic in solving a complex case other than the illusion of magic that you create for everyone who watches you run circles around them as you close cases. When you meet someone who always has a difficult time of closing a case, it is because they are not finding the errors that are being made by the suspect. That’s it. For whatever reason, the mistakes are not being caught or if they are, the mistakes are not being exploited by the investigator to break the case open. Anyone who says that mistakes don't happen anymore are mistaken. Mistakes happen, have always happened, and will continue to happen. Human nature and technology failures will continue to allow investigators to solve the unsolvable cases.
You still have to work hard even after being skilled at finding mistakes made by the suspect. There is no way around that. When I was a young patrol officer, I made a lot of arrests. I'm talking a lot of felony arrests. My department had a tad bit over 125 commissioned officers, but in one year alone, I made more felony drug arrests than the rest of the department...combined. I was called "lucky". I was asked constantly, "How are you so lucky?". My answer was always something to the effect of "I'm just lucky I guess." In reality, I worked hard. I talked to a lot of people on the street (citizens and not-so-much-citizens). I watched drug houses every minute I could. I simply worked hard and it appeared that I was "lucky". Luck has nothing to do it. You need the effort and you need to know what you are looking for. I brought that same luck with me when I made detective. I bring it whereever I go. You can see this concept in business where a business makes a mistake and a competitor exploits the heck out of it. You can do it too with your cases, regardless of the type of case, size of case, or importance of the case.
If you are looking for a headstart on answering the three questions, I’ll give you 50% off the Placing the Suspect Behind the Keyboard online course, plus two free books (PSBK and HBTK) to go along with the course. $399.50 for 13 hours of (1) what mistakes are made, (2) where to look for the mistakes, and (3) what to do when you find one. But hurry, you only have a few days before the promo expires on 8/31/17.
About the author
Comments
By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/
Posts List
Tag Cloud
Search Blog
Most popular posts
Magnet Forensics Conversation
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training by subscribing at https://www.dfir.training/subscribe-3 and get access to multiple online courses in digital forensics with included ebooks!
More posts
-
When OSINT is turned into the Baseball Bat of Internet Mob Justice
We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we…
Thursday January 14
5554 hits / 0 comments
-
I took a look at Instagram's Terms of Service so that you won't have to.
Who really reads the Terms of Service anyway?Are EULAs and TOSs intentionally designed as multi-page, single-spaced, 4 font, legalized writing to confuse users or simply…
Saturday December 26
8534 hits / 0 comments
-
White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user
I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks). Here is my white paper analysis.#1 - If...
Wednesday December 16
4650 hits / 0 comments
-
How long does it take to get into the DFIR field?
Question I received: How long does it take before I can expect to get into a DFIR career?Answer: It depends!It depends on your available resources +…
Thursday November 12
14893 hits / 0 comments
-
An expert is just one page in a book ahead of you
Let me dispel your notion of what an “expert” is. An expert is someone who has more information than you. That’s it. Imagine being stranded…
Friday October 30
5825 hits / 0 comments
-
Should you improve your DFIR skills on your personal time?
Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn out"). I still stand by what I wrote at…
Friday September 04
28344 hits / 0 comments
-
TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.
Short version: Any social media platform can be compared to the biggest, greasiest cheeseburger that you can find. You know that the cheeseburger is unhealthy,…
Tuesday July 07
24017 hits / 0 comments
-
Jessica Hyde and I talk about forensic stuff
Jessica Hyde of Magnet Forensics sat down together (virtually...) to talk about forensics. In case you missed it, here it is!
Thursday June 11
10735 hits / 0 comments
-
Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection
A “new” article on imposter Facebook accounts was published today in the Philippines. I put “new” in quotes because this is not a new issue,…
Sunday June 07
2662 hits / 0 comments
-
You do not want to work in DFIR.
The fantasySo many people ask how they can start a career in the DF/IR field, which is completely understandable. The glamour is there. Hollywood shows…
Thursday June 04
3278 hits / 0 comments
-
COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.
The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…
Saturday April 25
16858 hits / 0 comments
-
Mini-WinFE 10 and WinFE 10 Updated
The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded. I update WinFE developments (including the downloads for…
Sunday April 05
10816 hits / 2 comments
-
Eat your broccoli first
Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…
Saturday January 18
30970 hits / 0 comments
-
The Second Decade of the 2000s is almost over!
We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…
Thursday December 26
10720 hits / 0 comments
-
Public Records
I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…
Thursday December 12
5221 hits / 0 comments
-
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10
36763 hits / 0 comments
-
Our World is Going to Turn Upside Down with DeepFakes
The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…
Sunday September 01
4455 hits / 0 comments
-
If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29
4803 hits / 0 comments
-
Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17
6431 hits / 0 comments
-
Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31
5082 hits / 0 comments
© 2021 Brett Shavers