More posts

• 

  Everything I Needed to Know…

  Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp

  You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits.  In fact, you can probably enjoy the…

  Saturday August 17

  by Brett Shavers

  1530 hits / 0 comments

• 

  Personality of a computer

  Personality of a computer

  From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…

  Wednesday July 31

  by Brett Shavers

  2177 hits / 0 comments

• 

  Add a Dab of Balance…

  Add a Dab of Balance in your DFIR World

  Jessica Hyde ’ s post of Giving Back in DFIR from 2018 is a great write up on contributing to the DFIR community, and I…

  Monday June 24

  by Brett Shavers

  13155 hits / 0 comments

• 

  The Easy Way to Learn…

  The Easy Way to Learn DFIR

  Summary There is no easy way to learn DFIR . You can stop reading from here if you want. Longer version Ok. Since you are…

  Saturday June 08

  by Brett Shavers

  10894 hits / 0 comments

• 

  Game of Thrones, DFIR Style

  Game of Thrones, DFIR Style

  Short post and quick opinion. I came across some tweets today about how bad people are in the #infosec/#DFIR community and I dug a little…

  Thursday April 25

  by Brett Shavers

  22747 hits / 0 comments

• 

  Puking in DFIR

  Puking in DFIR

  Admittedly, the title of this post is intentionally gross, because I am going to heave a few things at you, mainly about puking. As in,…

  Wednesday April 17

  by Brett Shavers

  4746 hits / 0 comments

• 

  The #1 Reason that DFIR…

  The #1 Reason that DFIR practitioners don’t post opinions

    Lesley Carhart tweeted today that a journalist used one of her tweets in an article that would have been rephrased in a less playful…

  Tuesday April 09

  by Brett Shavers

  4895 hits / 0 comments

• 

  If USB flash drives were…

  If USB flash drives were shaped like spiders, we wouldn’t have these problems

  I hate USB drives. My first experiences with the darn things was when I was a young patrol officer and the entire police department was…

  Monday April 08

  by Brett Shavers

  1108 hits / 0 comments

• 

  Working in DFIR is glamorous,…

  Working in DFIR is glamorous, but mostly only to those not working in DFIR...

  Here is something about the DFIR career field: it is one of the most exciting, eventful, and jam-packed jobs that anyone can have. Running and…

  Friday April 05

  by Brett Shavers

  2428 hits / 0 comments

• 

  Overcommitted in DFIR

  Overcommitted in DFIR

  I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the most serious of situations. By overcommitted, I do not…

  Friday March 22

  by Brett Shavers

  11764 hits / 0 comments

• 

  'You're guilty unless you can…

  'You're guilty unless you can prove it'

  Swift on Security tweeted a great article. The article is not great as a well-written piece or containing earth shattering news piece, but more that…

  Saturday March 09

  by Brett Shavers

  13721 hits / 0 comments

• 

  “I've answered questions, responded to…

  “I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey

  I feel obligated to respond to one of Harlan Carvey’s points in his recent blog post, Book Writing Misconceptions ( https://windowsir.blogspot.com/2019/03/book-writing-misconceptions.html ).  I agree with…

  Tuesday March 05

  by Brett Shavers

  2275 hits / 0 comments

• 

  All you need is a…

  All you need is a tiny spark to solve your case.

  During a recent workshop, one person in the class kept asking me for the magic bullet to work his case. By that, I mean that he…

  Saturday March 02

  by Brett Shavers

  2147 hits / 0 comments

• 

  Some CONS are good. Some…

  Some CONS are good. Some cons are bad.

  The bad cons are the criminals that victimize you. The good CONS are the conferences that you were glad to attend.  CTIN is one of…

  Thursday February 14

  by Brett Shavers

  7494 hits / 0 comments

• 

  This is how I know…

  This is how I know someone will make it in DFIR (or in anything)

  The #1 factor is not giving up . The #2 factor is talent . Actually, scratch #2. You can make it without talent if you…

  Wednesday January 09

  by Brett Shavers

  18206 hits / 0 comments

• 

  5 tips in how not…

  5 tips in how not to be outdone, outmaneuvered, or just outright embarrassed in DFIR.

  Short version:

  1. Bring your A Game
  2. Don’t hold back
  3. Be prepared
  4. Know what you claim to know
  5. Fight complacency&... Tuesday January 01 by Brett Shavers 7256 hits / 2 comments Only race cars should burnout. Only race cars should burnout. This week, @taosecurity ( Richard Bejtlich ) wrote an important blog post on managing burnout ( Managing Burnout ). As he mentions in the first… Sunday December 23 by Brett Shavers 18528 hits / 0 comments Break dancing does not increase… Break dancing does not increase officer safety. Call me paranoid. It’s okay. I’ve been called worse. Nothing I am saying in this post will harm officer safety and actually should increase it.… Wednesday December 19 by Brett Shavers 1270 hits / 0 comments What is the best way… What is the best way to get to Spokane from Seattle? Stand by, here comes my opinion on forensic tools (software and hardware) I tend to prefer having the option to pick among a large selection… Saturday December 15 by Brett Shavers 2527 hits / 2 comments Digital Forensics is Really Easy Digital Forensics is Really Easy The mechanics of digital forensics (and its related cousin, incident response) are fairly easy. A computer is a computer is a computer. Collecting data is… Wednesday November 28 by Brett Shavers 4446 hits / 0 comments Google Adsense Module {source}