Brett's Ramblings

If you are a “Self-Proclaimed Hacker” looking for a job in LE…
Brett Shavers
Digital Forensics
We are almost fully into the computer-age.   In nearly every aspect of our lives and jobs, computers* in some form or another, are integrated.  This means that if you have the inclination and ability to work with computers, your time has come.  The world is your oyster as the doors are not only open with information security careers, but employers ...
Case study - Placing the Suspect Behind the Keyboard
Brett Shavers
Digital Forensics
Not too long ago, I read an article where the state’s largest cocaine bust happened because the driver was stopped for speeding.  The first thing I thought was, “Speeding…yeah, right”.   So, I called a good friend of mine who I worked some cool drug cases with and asked if that was his case.  But of course it was.  The article read like cases we wo...
Free Webinar - Tips and Case Studies on Placing the Suspect Behind the Keyboard
Brett Shavers
Digital Forensics
I had coffee with a detective (i.e., consulted on a case) to discuss his case where tying a person to one specific device was necessary for criminal charges in an overly complex investigation. There were a few things I learned and a few things he learned because of our talk. I think it would be beneficial to talk about some of the things we discu...
Placing the Beard Behind the Keyboard
Brett Shavers
Digital Forensics
http://www.miamiherald.com/news/nation-world/article175557206.html News reporting does an injustice to the work done in cases like these, only because the articles make it sound so easy.  But this particular case illustrates placing the suspect behind the keyboard using several methods that are sometimes overlooked (but of course, these methods and...
Some of your cases probably already have cryptocurrency evidence in them...
Brett Shavers
Digital Forensics
The Bitcoin Forensic book is moving forward with a fantastic addition of a tech editor: Heather Mahalik! I could not be more honored than to have Heather as the tech editor. If you are reading this, you already know who Heather is in the DFIR community, but if not, take a look here: Heather's Bio. A few things about the book. Yes, it is tentativ...
“Forensically Sound”.  One of those phrases that is commonly used, misused, unused, and abused.
Brett Shavers
Digital Forensics
Disclaimer: This is my opinion, which is not a legal opinion. I call it Brett's Opinion.  But along with that, I have identified, seized, analyzed, requested analysis, checked-in/out, transferred/assumed custody, and had entered into court cases thousands of items of evidence from electronic data to brain matter.    This short post is to give my op...
When “intent” is an element of the crime, you better find the intent.
Brett Shavers
Digital Forensics
Proving intent can give you the dickens of a time.  It’s easy to prove what happened.  And it is mostly easy to prove how it happened.  Many times you can even prove who caused it to happen.  But the stickler is always the why (aka: intent or reason). A murder-for-hire case I solved some years back required finding the intention of the hired gun (s...
Luck has nothing to do with it if you are good at what you do.
Brett Shavers
Digital Forensics
When the bad guy is caught because the bad guy made a mistake, that does not mean bad luck for the bad guy or good luck for the good guy.   It just means that the investigator not only caught the mistake, but ran with it.  This takes effort and skill, not luck.   If you want to see luck (good or bad), watch a Roulette ...
Kicking in the wrong doors
Brett Shavers
Digital Forensics
I like reading Brian Krebs’ blog. Brian is awesome at tracking hackers and writing about it. While reading his latest post, Blowing the Whistle on Bad Attribution, my internal response was to keep repeating, “yes yes yes”. I’m not going to get into his blog post other than to recommend it as a good read about attribution. Now…about k...
Knowing “how-to-do-it” is important, but first you need to know “what-to-do”.
Brett Shavers
Digital Forensics
My first months as a narcotic detective sucked. My partner (i.e., the senior narc) was less helpful than a doorknob on the ceiling. The initial on-the-job training basically consisted of “figure it out” and “I am not going to help you figure it out”. In time, I figured it out. It took nearly being killed on occasion...
Bitcoin Forensics - The book
Brett Shavers
Digital Forensics
The table of contents is done!  Or at least the tentative table of contents is done. You'd figure that a table of contents would be the easiest thing to write for a nonfiction book, but not only is it not the easiest, but it changes as you write.  I've learned that a good plan for a table of contents helps keep the book focused, but I also learned ...
Yes, you can place the suspect behind the keyboard, even if Tor is used.
Brett Shavers
Digital Forensics
Earlier this year, I was asked to give a talk to a small group of investigators on putting together a case on anonymous criminals on the Internet. Right out of the gate, from the back forty (i.e., the back of the room), I was told that it can’t be done, that only the NSA can do it, and that this was going to be a waste of time. No kidding...
Placing the Suspect Behind the Camera
Brett Shavers
Digital Forensics
*Hint: If the topic of this post is of value to you, there is a special gift at the end of this post that may interest you. Let’s say you have a digital photo that is evidence in your case, perhaps critical to the case.  The questions: Who took the photo?  How can you prove it?   How can you tie the photo with a camera to the su...
Bitcoin Forensics
Brett Shavers
Digital Forensics
Two books in the works. In between the adventures in life and work, I have been busy with writing.  One, a fiction book, is expected to be in print next year (all on the publisher's schedule).  It’s an exciting book and sure to grab your attention. More on that sometime later.  The second book is another nonfiction forensics book, Bi...
Anonymity: Criminals are only as good as their last mistake
Brett Shavers
Digital Forensics
I’m big on privacy, even though I know that practically, the only information that is private today is that which (1) only you know and (2) does not exist anywhere outside your head.  Everything else can be had one way or another, by hook or crook.  Most personal information we willingly give away, such as our date of birth when signing up for “fre...