Brett Shavers's Blog, page 5

AI in the DFIR Crosshairs: How AI Fits into Digital Forensics One of the most important rules in science and in Digital Forensics and Incident Response (DFIR)—is repeatability. This means that if you follow the same steps under the same conditions, y...

We’ve all heard the phrase, “Trust the experts,” implying that advanced degrees and years of experience guarantee the correct answer. But experts are still human—and humans make mistakes. Throughout history, even the brightest minds have been wrong d...

Digital Forensics and Incident Response (DFIR) is a term frequently used in the cybersecurity world, often without fully understanding the distinct roles of Digital Forensics (DF) and Incident Response (IR). While these fields share tools, training, ...

Over the years, I've had the privilege of working alongside many talented individuals in the DFIR communities in both the public and private sectors. Our field is ever-evolving, with new tools and technologies emerging at a rapid pace. Yet, despite t...

Why DFIR Investigative Thinking is Critical—and Why It’s So Hard to Teach In DFIR, the investigative mindset is the difference between solving cases and missing crucial evidence. While we’ve become skilled at teaching tools, certifications, and degre...

AKA: The Last Thing We Want in DF/IR is the First Thing We Need in DF/IR, Part Deux TL:DR DFIR standards are a mess—a confusing, convoluted, and chaotic disaster that’s doing more harm than good. And we have no one to blame but ourselves. Vendors, un...

One of the most critical tasks in digital forensics and incident response (DFIR) is attributing a cyber incident or crime to a specific suspect. This process, referred to as placing the suspect behind the keyboard, requires meticulous analysis, evide...

Have you been spending years and thousands of dollars on training, earning certifications, getting degrees, testing tools, researching, and writing blogs? Have you been frustrated, stressed, and overwhelmed in searching for the mystical golden key to...

I'm going to give a few tips to prevent you from wrecking your next case. First, consider that every case is like standing in a maze with an infinite number of doors, each leading an entry to a different universe with a different case outcome. All bu...

TL:DR I was wrongly accused of plagiarism, but the accuser has privately admitted their mistake. Due to the lack of a public retraction, I am compelled to clarify the situation myself. Overview In the spirit of transparency within our community, I am...