Short version:
- Bring your A Game
- Don’t hold back
- Be prepared
- Know what you claim to know
- Fight complacency...
7865 Hits
Recent Comments
Steve Whalen
Awesome blog post Brett! I've always been a big fan of yours! We are making the blog post required reading for everyone on our te... Read More
Thursday, 03 January 2019 20:06
Brett Shavers
way kind, and right back at ya.
Thursday, 03 January 2019 23:09
DEC
23
0
Only race cars should burnout.
Posted by Brett Shavers
in
Digital Forensics
This week, @taosecurity (Richard Bejtlich) wrote an important blog post on managing burnout (Managing Burnout). As he mentions in the first sentence, he is not talking only about information security, but burnout in any profession. I’m certainly ...
24376 Hits
DEC
19
0
Break dancing does not increase officer safety.
Posted by Brett Shavers
in
Digital Forensics
Call me paranoid. It’s okay. I’ve been called worse. Nothing I am saying in this post will harm officer safety and actually should increase it. The public needs to tell cops to stop being online marketing tools. PIOs choose to be a public figure, but...
1427 Hits
Most popular posts
Brett Shavers
06 December 2015
RegRipper
Digital Forensics
The short story - if you want RegRipper, get it from GitHub (don't download it from anywhere else): http://github.com/keydet89 What is RegRipper? RegRipper was created and maintained by Harlan Carvey. ...
30021 Hits
3 comments
Brett Shavers
10 September 2019
The Five Stages of the DFIR Career Grief Cycle
Digital Forensics
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig, that I was honored that he agreed to write the foreword of a book that Eric Zimmerma...
29749 Hits
0 comments
Brett Shavers
25 April 2019
Game of Thrones, DFIR Style
Digital Forensics
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little deeper. Actually, I didn’t have to dig far at all to find trul...
26707 Hits
0 comments
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training at Patreon and get access to multiple online courses in digital forensics with included ebooks!
http://www.patreon.com/DFIRTraining
More posts
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10 by Brett Shavers 29749 hits / 0 comments

Our World is Going to Turn Upside Down with DeepFakes
The short story: Any person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with…
Sunday September 01 by Brett Shavers 2140 hits / 0 comments

If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29 by Brett Shavers 2550 hits / 0 comments

Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17 by Brett Shavers 3120 hits / 0 comments

Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31 by Brett Shavers 2666 hits / 0 comments

Add a Dab of Balance in your DFIR World
Jessica Hyde’s post of Giving Back in DFIR from 2018 is a great write up on contributing to the DFIR community, and I…
Monday June 24 by Brett Shavers 13547 hits / 0 comments

The Easy Way to Learn DFIR
Summary: There is no easy way to learn DFIR. You can stop reading from here if you want. Longer version: Ok. Since you are…
Saturday June 08 by Brett Shavers 11885 hits / 0 comments

Game of Thrones, DFIR Style
Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little…
Thursday April 25 by Brett Shavers 26707 hits / 0 comments

Puking in DFIR
Admittedly, the title of this post is intentionally gross, because I am going to heave a few things at you, mainly about puking. As in,…
Wednesday April 17 by Brett Shavers 5094 hits / 0 comments

The #1 Reason that DFIR practitioners don’t post opinions
Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been rephrased in a less playful…
Tuesday April 09 by Brett Shavers 5299 hits / 0 comments

If USB flash drives were shaped like spiders, we wouldn’t have these problems
I hate USB drives. My first experiences with the darn things was when I was a young patrol officer and the entire police department was…
Monday April 08 by Brett Shavers 1424 hits / 0 comments

Working in DFIR is glamorous, but mostly only to those not working in DFIR...
Here is something about the DFIR career field: it is one of the most exciting, eventful, and jam-packed jobs that anyone can have. Running and…
Friday April 05 by Brett Shavers 2850 hits / 0 comments

Overcommitted in DFIR
I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the most serious of situations. By overcommitted, I do not…
Friday March 22 by Brett Shavers 15444 hits / 0 comments

'You're guilty unless you can prove it'
Swift on Security tweeted a great article. The article is not great as a well-written piece or containing earth shattering news piece, but more that…
Saturday March 09 by Brett Shavers 18786 hits / 0 comments

“I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey
I feel obligated to respond to one of Harlan Carvey’s points in his recent blog post, Book Writing Misconceptions (https://windowsir.blogspot.com/2019/03/book-writing-misconceptions.html). I agree with…
Tuesday March 05 by Brett Shavers 2811 hits / 0 comments

All you need is a tiny spark to solve your case.
During a recent workshop, one person in the class kept asking me for the magic bullet to work his case. By that, I mean that he…
Saturday March 02 by Brett Shavers 2480 hits / 0 comments

Some CONS are good. Some cons are bad.
The bad cons are the criminals that victimize you. The good CONS are the conferences that you were glad to attend. CTIN is one of…
Thursday February 14 by Brett Shavers 7808 hits / 0 comments

This is how I know someone will make it in DFIR (or in anything)
The #1 factor is not giving up. The #2 factor is talent. Actually, scratch #2. You can make it without talent if you…
Wednesday January 09 by Brett Shavers 18543 hits / 0 comments

5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.
Short version:
- Bring your A Game
- Don’t hold back
- Be prepared
- Know what you claim to know
- Fight complacency...
Tuesday January 01 by Brett Shavers 7865 hits / 2 comments

Only race cars should burnout.
This week, @taosecurity (Richard Bejtlich) wrote an important blog post on managing burnout (Managing Burnout). As he mentions in the first…
Sunday December 23 by Brett Shavers 24376 hits / 0 comments