Brett Shavers | forensics & things

Brett's Ramblings

Digital Forensics

MAR 22

Overcommitted in DFIR

Posted by Brett Shavers in Digital Forensics
I have seen people be overcommitted, realize that they are overcommitted, yet continue forward in the most serious of situations. By overcommitted, I do not mean that they took on more than what they could handle, but that they started down a path, c...
  20397 Hits
MAR 09

'You're guilty unless you can prove it'

Posted by Brett Shavers in Digital Forensics
Swift on Security tweeted a great article. The article is great not because it is well written or contains earth-shattering news, but because it brings up a few questions and assumptions to think about on any legal matter. ...
22145 Hits

MAR 05

“I've answered questions, responded to emails, and been on phone calls...when asked.” – Harlan Carvey

Posted by Brett Shavers in Digital Forensics
I feel obligated to respond to one of Harlan Carvey’s points in his recent blog post, Book Writing Misconceptions (https://windowsir.blogspot.com/2019/03/book-writing-misconceptions.html). I agree with everything he points out about book writin...
3868 Hits

© 2021 Brett Shavers