Brett's Ramblings

A forensic book is not just a forensic book if you do forensics.
Brett Shavers
Digital Forensics
I just published the second edition of the X-Ways Forensics Practitioner’s Guide. If you use X-Ways Forensics in any sense of running the application, you should get this book.  I can’t say that any stronger than that.  But this post is not about the X-Ways book, at least not completely. If you want to see the book or buy it, ...
Been a long time coming, but now comes the second edition of the X-Ways Forensics Practitioner's Guide.
Brett Shavers
Digital Forensics
The short story: The book is done! Get it at $20 off during the 100-hour book launch coming up in a few days (but only a limited number of books will be sold in the 100-hour book launch). Free shipping in the USA. International is available to ship, but not free..sorry… The book will afterward be available for purchase on Amazon (and elsewhe...
I lived a double life.
Brett Shavers
Digital Forensics
I lived a double life for a decade. I have now been away from that life for more than a decade and feel (a little) more comfortable talking about it. Not long after I left military service, I went to work as a patrol officer in a suburb of Seattle. When I thought the best years of my life were the years in the Marines with the best group of people ...
There is no censorship because I haven’t seen it.
Brett Shavers
Digital Forensics
Today, I posted on social media that my posts about not being censored were not censored. Obviously, the posts were not (yet) censored. But if they had been censored, no one would have ever known. That was the point of the posts. {source}<blockquote class="twitter-tweet"><p lang="en" dir="ltr">Twitter did not <a href="https://twitter...
There are Only Two things That set you Apart from Another DFIR Practitioner
Brett Shavers
Digital Forensics
Two things that set you apart from other practitioners are (1) what you know and (2) what you can do. In this litigious world where courts (and corporations regarding internal matters) rule on evidence, the rulings are usually based on a “person.”  By this, I mean that the ruling body, whether the court or corporate makes their dec...
When Being Self-Taught Goes Wrong
Brett Shavers
Digital Forensics
I had an interesting discussion with a highly educated and self-proclaimed computer-literate professional on the process to dedupe emails.  The interesting part is that I couldn’t believe what I was hearing about his process on how to dedupe files. https://www.merriam-webster.com/dictionary/self-taught I’ll sanitize this story to p...
Well, I didn’t see that coming…
Brett Shavers
Digital Forensics
  If you want to be entertained, block out 5 minutes of your time at 9am (PDT) on Friday, June 11th, to see how something so simple as asking for public records turned into a major cluster. I’ll be giving comments in an Open Public Meeting about a lawsuit in which I asked for some public records, they were all not provided, and some have...
Aren’t we neglecting something in DFIR?
Brett Shavers
Digital Forensics
The technical piece of DFIR is not difficult. If you know what you are looking for, and you know how to find it, the work is actually easy. I do not say this to mean that anyone off the street can do this work without training or education. I mean this as in once you are technically competent, the actual work allows you to excel even more so, techn...
The forensic process begins before processing forensics begins
Brett Shavers
Digital Forensics
I was asked an age-old question via a Twitter DM today: "Should I pull the plug or image live?" I thought this was a rhetorical or 'homework' question, because how would I know?  I gave a short answer of it depends on this and that, assuming that the question was being asked generally. But then, ....he messaged that he was standing in front of...
When OSINT is turned into the Baseball Bat of Internet Mob Justice
Brett Shavers
Digital Forensics
We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we are skilled in the effective wielding of the most powerful weapon on the planet: INFORMATION! We are experts in searching for it. Experts in interpreting it. Experts in sharing it. Experts in crea...
I took a look at Instagram's Terms of Service so that you won't have to.
Brett Shavers
Digital Forensics
Who really reads the Terms of Service anyway? Are EULAs and TOSs intentionally designed as multi-page, single-spaced, 4 font, legalized writing to confuse users or simply to dissuade users from reading past the first paragraph? A few highlights from Instagram “…you hereby grant to us a non-exclusive, royalty-free, transferable, sub-licensable, worl...
White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user
Brett Shavers
Digital Forensics
I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks).  Here is my white paper analysis. #1 - If a device has connectivity with at least one other device, it can be,  has been, or will be c...
How long does it take to get into the DFIR field?
Brett Shavers
Digital Forensics
Question I received: How long does it take before I can expect to get into a DFIR career? Answer: It depends! It depends on your available resources + available time + motivation to learn. Meaning The more of each of these that you have, the faster it will be. A lack of resources (software/hardware) means scraping together machines and free/op...
An expert is just one page in a book ahead of you
Brett Shavers
Digital Forensics
Let me dispel your notion of what an “expert” is. An expert is someone who has more information than you. That’s it. Imagine being stranded on a deserted island with a group of people and only one knows how to fish. That person just became an expert on fishing. The legal expert There are legal definitions of an expert geared specifically towar...
Should you improve your DFIR skills on your personal time?
Brett Shavers
Digital Forensics
Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn out"). I still stand by what I wrote at the time and if you haven’t read the post, take a read of it to maybe get a tip or two that could be helpful for you or someone you know. I want to peel back one aspect of preventing burning out that some take too far, which ...