Brett Shavers's Blog, page 3
March 29, 2025
Coming in 2025: Placing the Suspect Behind the Keyboard: DF/IR Investigative Strategies, Volume 3
After dozens of rewrites, fresh starts, and scrapped chapters, I’ve finally locked into the version of Placing the Suspect Behind the Keyboard: DF/IR Investigative Strategies (Vol. 3) that I know needs to be written. And yes, you'll be able to order ...
March 21, 2025
You Don’t Belong in DF/IR
Trying to get into DF/IR breaks most people. So, you’re not going to make it. If you’re offended by the title of this post, good. That’s step one in figuring out you’re probably not cut out for this work. I’ve seen too many people get excited a...
March 10, 2025
DF/IR is not dying. It's just harder than ever.
The cybersecurity competence bar’s dropped so low it’s in the basement. Companies don’t want experts; they want button-pushers who’ll work cheap. DF/IR’s soul, placing the suspect behind the keyboard, is getting lost in the automation and artifi...
February 13, 2025
Think You Don’t Need WinFE? Wait Until You Do.
In 2008, Troy Larson gave me the build instructions for WinFE (Windows Forensic Environment). Troy figured out how to make a Windows WinPE boot in a forensically sound manner with registry changes. At the time, the concept of a Windows-based forensic...
February 8, 2025
The way you look at devices will affect what you find on them.
Every DF/IR investigator has missed something. It is virtually impossible to find every bit of relevant evidence. Some are gone forever, others are comingled in a sea of electronic data that is easy to miss, and some have been intentionally hidden. C...
February 5, 2025
Are you a DF/IR Expert Witness or Just a Useful Pawn?
There’s a hard line between working toward an objective and chasing a result, and if you don’t know which one you are doing, you are already lost. The most glaring issue I see when peer reviewing DF/IR reports* is when the examiner/analyst/investigat...
February 2, 2025
Cross-examination will Go in Raw, Wreck Your Credibility, and Leave You Begging for a Safe Word
TL;DR “Opinions are like assholes; everyone has one, and they all stink.” – One of my Bootcamp Drill Instructors Expect your credibility to be attacked in court. Opposing counsel isn’t just looking to poke holes in your findings but to obliterate you...
January 28, 2025
How Mistakes Shape DF/IR Investigations
Every investigation hinges on one critical factor: human error. As a DF/IR investigator, your ability to spot and exploit those errors while avoiding your own is what separates success from failure, and you from your adversary. Let me show you how to...
January 24, 2025
The Human Element of DF/IR (YOU!)
The clock is racing. A global breach is unraveling on one side of the room; millions siphoned in real-time, systems crashing, and reputations crumbling by the second. On the other, the unthinkable: a child has been taken. A predator lured her online,...
January 17, 2025
Do IT Pros Make the Best DF/IR Investigators?
The field of DF/IR attracts professionals from all walks of life, from law enforcement, academia, private industry, and even IT pros. One of the trends over the years is the number of IT professionals transitioning into the world of digital forensics...


