Menu
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact
  • Home
  • Brett's Blog
  • My Books
  • Courses
  • About Me
  • Contact

Brett Shavers | Ramblings

Brett's Ramblings

Subscribe to blog
Unsubscribe from blog
Settings
Sign In
If you are new here, Register
  • Forget Username
  • Reset Password
Brett Shavers

Brett Shavers

SEP
23
0

Like math, talking to people in DFIR is hard. But here is a tip.

Posted by Brett Shavers
in  Digital Forensics

I have a good friend who is a natural with people.  He makes you feel like you have known him all your life after having just met minutes prior.  I am totally not like that. Seems like many in this computing industry as a whole are generally not extroverted, and that impedes our personal and professional growth.

Yes, there are plenty of exceptions, but honestly, are you more comfortable looking at a screen or in someone's eyes? 

To be clear, I see nothing wrong with being introverted or shy or just wanting to be left alone.  But we limit our potential by willingly staying within ourselves and not engaging with others.

 Give something to someone, expect nothing in return, and you might receive the world

I have plenty of years of attending conferences and training where I did not engage with anyone. I have sat in the rooms, took notes, and gone about my business to learn from the presentations without even trying to say hello to anyone. It took me a long time to talk to “strangers” at a conference or training event.  It is still not easy for me to speak to someone that I don't know, so when I do speak to someone, it generally means that I so much wanted to talk to his person that I will break all restraints that my brain puts on me to just be the fly on the wall.

So, here is something that I have been wanting to do to help others like me as a way to break the ice at a conference, trade show, training course, or even in a workplace. Have you ever wanted to walk up to a specific person to say hello, to say that you appreciate their presentation, or read their blog, or use their software but had nothing to say and walked away?  Or how about ever wanting to welcome a newbie to the field but unsure of what to say?

Consider that if you give something to this person, you may have an unending wave of goodness coming to you in the future. Maybe you won't, maybe you will, but the point is not an intention of getting anything in return. It is about giving and sharing, and there's nuthin wrong 'bout that.

How about giving that person a book?

And not just a “book”, but a book that has been signed by the author with the author’s personal note, and signed by another with their personal note, and signed by you with your personal note? A book that is unlike any other copy that creates an opportunity to engage across several readers.

This the DFIR Book Challenge that I started some years ago but paused during the lockdowns since no one was meeting anyone anywhere. But now we are free to travel and meet and speak and engage.  I am restarting this challenge with my latest book (X-Ways Forensics Practitioner’s Guide/2E) and will be continuing with as many DFIR books that authors will sign for me to giveaway.  Donated books are awesome, but I’ll buy as many as needed to keep giving away. I have one book readied for next month and will work toward others each month forward.

By the way, if you wrote a DFIR book, regardless of when you wrote it, I want to give it away! My email is open.

There are many blog posts on the Internet about engaging in this amazing field of DFIR and all have great ideas. Engagement with another is more than just exchanging technical processes. The DFIR Book Challenge is just one more way to engage.

Cconnecting with another in this field will inspire you, and you can inspire others. Inspiration is the key to learning, in teaching, in sharing, and in doing.

If you don’t have inspiration in what you are doing now, put the effort to find it now.  Or create it. Or borrow it. Or share it. Or be it.

Personal story

Years ago, I taught use-of-force training at the police agency where I worked. After a decade of teaching, an officer who was involved in a deadly force shooting encounter came up to me after a shooting. He gave me a hug and said that during the encounter, words that I had said repeatedly in training was the only thing going through his mind. And he thanked me for the inspiration in training. 

This happened to me both as a trainer in the military and police work. Each time was years after having shared  to others in training that what I knew and experienced.  Never did I expect or want confirmation or appreciation.

Never underestimate the power of a grain of inspiration as it is inspiration that turns a blank canvas into a masterpiece.

  4799 Hits
Tweet
Share on Pinterest
4799 Hits
SEP
11
0

There I was, just getting ready for work....

Posted by Brett Shavers
in  Digital Forensics

I sometimes carried up to 10 cell phones at one time for work. Each phone had its own purpose. One or two of these phones were used for case calling criminal targets in one country. Another phone was used to call another target in a different country. One was used to call informants. Others used to call targets in different investigations locally. On this particular day, I had four cell phones. Three were burner phones and one was my official work phone.

The day was September 11, 2001, and my official work cell phone rang early in the morning while at home. My narc partner called to tell me to turn on the television. That was my introduction to 9/11. That was also the day that many things changed not only in my career field, but in life.

Numbers are more than just numbers

One good thing about numbers is that you can visualize numbers as it compares to something else. The numbers of 9/11 and everything related to it, however, is incomprehensible.

On and from that date of 9/11/2001, there have been over half a million people killed around the world directly related to the attack on the World Trade Center. More than 500,000 dead including military, contractors, and civilians is not insignificant. 

Visualizing that number as people shocks the senses. There are 32 countries on this planet, each having less than 500,000 in population. Most cities on this planet have less than that number in population. Cities like Bakersfield California, Minneapolis Minnesota, Orlando Florida, and even Atlanta Georgia, each have populations that are less the number of people killed because of 9/11.

This number doesn’t even include the number of people who have been wounded. There have been over 50,000 wounded just in the US military service members alone. The term wounded does no justice to describe what that means as it relates to amputations and posttraumatic stress. Add to that the suicides directly caused by so many wars. And I don’t even know if there is any way to measure civilian injuries.

It is just business

Then we have the “business” effects of 9/11. The airline and travel industries were devastated. Stock market erupted into panic selling. The economies around the world were hit hard. This impacted so many more people directly with lost businesses and lost jobs.

If you are old enough, you will remember being able to meet friends and family at the gate in the airport, without needing to have a ticket or boarding pass yourself. You remember not having a TSA or have in your naked body visually scanned with machine and viewed by security. You remember not having to take off your shoes and your belt before being patted down and scanned. Retina scans, swabs for explosives, and scans of your body are here forever more.

New toys with new power

The reaction to 9/11 created entire new markets for innovation, surveillance, legal authority, and new companies. I saw firsthand the creation and implementation of the Patriot Act. I saw the spending of so much government money on so much technology that made a law enforcement investigation so much easier.

At my desk in a federal task force, I had access to databases that I thought only existed in movies like Minority Report. At this time, I was sent to computer forensics training all over the country given by different vendors and government agencies. I had never known there were so many federal agencies until that time of being taught by them and with them. I was given a half-dozen pelican cases full of computers and gear. I must have had more than six months in classrooms being taught forensic analysis of all types of computing devices and networks. I cannot imagine the cost but assume it was more than my annual salary times two or three.  The money was free flowing.

I had access, the ability, and used technology to wiretap cell phones, hardlines, Internet, and even cars. I was slapping on GPS trackers on cars. I was legally stealing cars with search warrants to install GPS trackers. I helped to legally break into homes and businesses to install audio and video devices. I worked “T” cases with the alphabet agencies involving money-laundering, drugs and arms trafficking, and IEDs being conducted by terrorists in the USA. I built up miles from flying all over the country (across, in and out) and no expense was spared in undercover ops with flashy cars, hotels, meals, and "items to impress."

The ability to make a phone call and ask for the financial history of a person was incredible as I could get information on practically every dime made or spent by a person. I was able to arrange surveillance to be conducted by special people (I’ll leave it at that for the type of “special people”) at any US border to watch for my targets cross the border whether by foot, quad, helicopter, plane, and sometimes a tunnel.

I had reports given to me in my ICE group that came from the DEA which came to them from the NSA containing information on communications intercepted by various intelligence communities. The only requirement using this information in my case was to not disclose it, and to corroborate the information elsewhere that could be used in a case. Strange, right?

While I was doing these organized crime and “T” investigations as one small cog here, Operation Iraqi Freedom, Operation Enduring Freedom, Operation Inherent Resolve, and other operations were ongoing overseas. I was fortunate to "play" with so many of this new technology, some of which is still not-so-publicly known.  I was fortunate to have been given a crazy amount of forensic training, certifications, and experience in so many different types of cases.  Little of this was easy, none of it was freely given to me, but all of it is treasured as experiences.

I was drawn up into this fast-paced, incredibly awesome technology development, and witnessed the awesome power of a government, and some of it was not only not good, but it was bad.

What happened to us

We went to far.  We overdid it.  And few tried to put on the brakes to reflect on what was happening. When given a free ticket to ride, government will ride it into the ground, and that is what we did.

We had initially rallied together around a common cause and supported not just our country, but others as well. We were on a good path. We were unified; undivided.

Somewhere along the line, we lost that.

Somewhere along the line, war became norm to the point of not even being mentioned on the news anymore.

Somewhere along the line, economies became war-focused because of immense war profit. 

Somewhere along the line, uncommon investigative methods and technology was being used too commonly, making it seem "normal" and not unreasonably intrusive.

We lost faith and love in our neighbors.

My sadness is that we have an entire generation born after 9/11 who have only experienced war, and many of those are serving in a war that began before they were born. Born into a war only to fight in it is a tragedy for entire generation.

Forgetting

I forget things. My wife reminds me of many things that I forget. Don’t tell her, but some of those things are those that I intentionally try to forget, like vacuuming…

But I will never forget the “before time” where most of today’s technologies did not exist and there was no need for it. I will remember when there were no secret warrants and immense surveillance on every aspect of our lives. 

I will also never forget the trials and tribulations of raising two kids during this time. The arguments (?) of not giving our kids cell phones or unfettered access to the Internet was tough. Listening to "but all my friends are on Facebook" and "all my friends have cell phones" and not giving in was difficult. I was fortunate because of the work that I was doing gave me (ugly) insight to what happens on the ethernet to children.  My wife and I do not regret our decisions and tough love where our kids had to suffer not 'being online' like all of their friends.  As a side note, one did tell me that it was appreciated what we did because of what happened to others in college because of online postings during high school.

The first new generation

For those born into post-9/11, it is “normal” to accept that your smart phone is a GPS device that is logging everywhere you go every day of your life. It is “normal” to accept that practically all of your activity on the computer or in public is being recorded, logged, analyzed, and saved as potential evidence in a criminal investigation in the future. It is “normal” to accept that we are always in a war in multiple countries. It is “normal” to accept that joining the military means probably going to war in some capacity and some country at some point. It is “normal” to accept that your private Facebook messages and Gmail are being read and archived by humans, not just machines.

For me, this is abnormal.

For me, I will never forget.

Sadly, all of this will be forgotten and be normal.

  6540 Hits
Tweet
Share on Pinterest
6540 Hits
JUN
19
0

The spark of a book

Posted by Brett Shavers
in  Digital Forensics

I believe that most every book begins by seizing upon the spark of an idea before the idea fades.  This book, the one that Mark Spencer and I are writing, is no different.

But first, let me give credit where credit is due, for I will never take the spotlight from another who deserves it.  Mark is an extraordinary forensicator (I actually do not like that word, but what else is there?).  His casework has been featured internationally.  He has presented on some of it and the little that he can share has always been impressive.  This book revolves around his casework. I will merely validate what has already been validated many times over.

What is this new forensic book about?

The story in our upcoming book, which won’t be out until 2023 is Mark’s baby.  Mark and his team did incredible work, and this book will highlight some aspects of a case. Although we are writing as one, my intention is to help get the story out, in both a manner that every forensic analyst must read to reduce making mistakes and for the public to read to grasp a sliver of how important DFIR work is to countries and individuals. You will see forensics with a entirely different perspective after reading this book.

At this point, the actual story won’t be let out until we get closer to the end, nor will the forensic feats be detailed until then as well.

I am humbled to see this book from the beginning and can’t wait to read the finished product.  I have another book in progress, which will also be released near the same time or sooner, but this book is different.

This book won’t be like any forensic book that you’ve read before because of the manner of the way that it is being written.

 

That spark for a book

This is the one-thing that I want to get across in this blog post (if you ever listened to any of my presentations, you know how I feel about “one thing”): 

The spark for a book can and will come anytime and be unexpected. And it will die out faster than Windows ME if you don’t act on it.

In this case, I met Mark for the first time at a conference, where I introduced myself and told him how much I enjoyed his presentation. No need to go into details about Mark, other than it is easy to figure out that he is a cool guy, knows what he is doing, and is also a humble human.

This is another “one-thing” by the way:

Go say ‘hello’ or ‘great presentation’ or whatever when you have a chance to whomever you wanted to speak with, because that opportunity will disappear the longer you wait.

That one conversation was the spark of this book.  It didn’t happen at that very moment, but that seed grew in a few years to when the decision to put a forensic story on paper was made.  Maybe the book would have happened at another point in time, but certainly it is happening faster than ever now.

It is so easy to write a book!!

That’s a lie.  Show me someone who says that it is easy to write a book and I’ll show you someone who never written a book.  For me, I think that I have a harder time writing books than anyone else.  But I also bet that everyone else thinks that they have a harder time writing than me.  The point is that it is not easy to write a book.

I’ve written a few books, tech edited a few others, and ghost-written partial books and chapters. None have been easy.  I expect this current book to be the most difficult and at the same time, have the highest expectations that this will be one of the best books written in this field.  We shall see when it comes out.  If it turns out to be a flop, it will not be due to a lack of effort and research.

Don’t do this

If you are thinking of writing a book, my advice is to not force it. I spoke with someone who wanted to write a book and he wanted to write any book on practically any topic.  The end result was no book. That was years ago and still...no book.  If I spoke to you about writing your book, and you didn't write it, this isn't about you. I was talking about a different guy....

If you are not damned determined to write a book, don’t even start because you certainly won’t finish it.

If you are damned determined to write a book, but don’t have any idea of what to write about, wait for the idea.  You can’t beat an idea out of yourself.  The idea has to be burning to get out of yourself.

If you are planning to write something that you wouldn’t pay to read, neither will anyone else.

Don't assume that everyone already knows what you are going to write about, because everyone doesn't know.

For those who have written DFIR books, kudos to each of you because I most probably read your book and might still have it on myself, even after a decade of being published. For those who will write forensic books, if you get only one sale, that one sale will probably be me.

More (potentially) big news

At a recent conference (TechnoSecurity), I sat down with the author of one of the most popular and useful forensic books ever written, and written by one of the most influential people in the DFIR field.  The book has been in print for over a decade and the topic of a second edition came up...for all you reading this, believe you me when I say that I hoped that I talked him into a second edition.  I really really want an updated version of this book, but I won't give any more pressure than I already did, until the next time I see him...

  36552 Hits
Tweet
Share on Pinterest
36552 Hits
    Previous     Next
1 2 3 4 5 6 7 8 9 10

DFIR Training

Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.


Brett's blog

© 2023 Brett Shavers